CVE-2024-23704

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS

No CVSS.

References

Link	Resource
https://android.googlesource.com/platform/packages/apps/Settings/+/2e90322bab7de1deaf3c82e207bf4404b92743d7
https://source.android.com/security/bulletin/2024-04-01

Configurations

No configuration.

History

08 May 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) En onCreate de WifiDialogActivity.java, existe una forma posible de evitar la restricción DISALLOW_ADD_WIFI_CONFIG debido a una falta de verificación de permiso. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.

07 May 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 21:15

Updated : 2024-05-08 13:15

NVD link : CVE-2024-23704

Mitre link : CVE-2024-23704

CVE.ORG link : CVE-2024-23704

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-23704

Attach tags to `CVE-2024-23704`