CVE-2024-23706

In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87
https://source.android.com/security/bulletin/2024-05-01

Configurations

No configuration.

History

03 Jul 2024, 01:48

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.4
CWE		CWE-20

08 May 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) En varias ubicaciones, existe una posible omisión de los permisos de datos de salud debido a una validación de entrada incorrecta. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.

07 May 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 21:15

Updated : 2024-07-03 01:48

NVD link : CVE-2024-23706

Mitre link : CVE-2024-23706

CVE.ORG link : CVE-2024-23706

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

7.4 /10