Lucene search

[email protected]CVE-2022-20335

HistoryAug 12, 2022 - 3:15 p.m.

CVE-2022-20335

2022-08-1215:15:12

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-20335

wifi slice

wi-fi settings

android

local privilege escalation

security vulnerability

nvd

android-13

a-178014725

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178014725

Affected configurations

NVD

Node

googleandroidMatch13.0

CPENameOperatorVersion
google:androidgoogle androideq13.0

CPE	Name	Operator	Version
google:android	google android	eq	13.0

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-13"
      }
    ]
  }
]

References

source.android.com/security/bulletin/android-13

Social References

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2022-20335

nvd1 prion1 cvelist1 androidsecurity1