Lucene search

[email protected]NVD:CVE-2022-20537

HistoryDec 16, 2022 - 4:15 p.m.

CVE-2022-20537

2022-12-1616:15:18

CWE-862

[email protected]

web.nvd.nist.gov

android

wifiscanmodeactivity

guest user

permission check

local privilege escalation

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

5.1%

JSON

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169

Affected configurations

Nvd

Node

googleandroidMatch13.0

VendorProductVersionCPE
googleandroid13.0cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	13.0	cpe:2.3:o:google:android:13.0:::::::*

References

source.android.com/security/bulletin/pixel/2022-12-01

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-20537

prion1 cve1 cvelist1