CVE-2023-48418

2024-01-0223:15:11

CWE-269

[email protected]

web.nvd.nist.gov

cve-2023-48418

deviceversionfragment.java

local escalation

privilege

nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a
possible way to access adb before SUW completion due to an insecure default
value. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation

Affected configurations

NVD

Node

googlepixel_watchMatch11

AND

googlepixel_watch_firmwareMatch-

CPENameOperatorVersion
google:pixel_watch_firmwaregoogle pixel watch firmwareeq-

CPE	Name	Operator	Version
google:pixel_watch_firmware	google pixel watch firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Android"
    ],
    "product": "Pixel Watch",
    "vendor": "Google",
    "versions": [
      {
        "status": "affected",
        "version": "11"
      }
    ]
  }
]