Lucene search

Google_androidCVE-2022-20330

HistoryAug 12, 2022 - 3:15 p.m.

CVE-2022-20330

2022-08-1215:15:12

CWE-862

google_android

web.nvd.nist.gov

cve-2022-20330

bluetooth

android

security vulnerability

local privilege escalation

CVSS3

3.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

5.1%

JSON

In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181962588

Affected configurations

Nvd

Vulners

Node

googleandroidMatch13.0

VendorProductVersionCPE
googleandroid13.0cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	13.0	cpe:2.3:o:google:android:13.0:::::::*

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-13"
      }
    ]
  }
]

References

source.android.com/security/bulletin/android-13

Social References

CVSS3

3.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-20330