Lucene search

[email protected]NVD:CVE-2023-20926

HistoryMar 24, 2023 - 8:15 p.m.

CVE-2023-20926

2023-03-2420:15:09

CWE-862

[email protected]

web.nvd.nist.gov

headerprivacyiconscontroller

factory reset protections

privilege escalation

android-12

android-12l

android-13

a-253043058

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON

In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that’s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058

Affected configurations

NVD

Node

googleandroidMatch12.0

googleandroidMatch12.1

googleandroidMatch13.0

References

source.android.com/security/bulletin/2023-03-01

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for NVD:CVE-2023-20926

osv1 prion1 cvelist1 cve1