CVE-2024-23707

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23707
In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://android.googlesource.com/platform/packages/apps/Settings/+/f1d0079c91734168c150f839168544f407b17b06
https://source.android.com/security/bulletin/2024-05-01
Configurations

No configuration.

History

03 Jul 2024, 01:48

Type Values Removed Values Added
CWE CWE-20
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

08 May 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) En varias ubicaciones, existe una posible omisión de permisos debido a una validación de entrada incorrecta. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. Se necesita la interacción del usuario para la explotación.

07 May 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-07 21:15

Updated : 2024-07-03 01:48

NVD link : CVE-2024-23707

Mitre link : CVE-2024-23707

CVE.ORG link : CVE-2024-23707

JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation