Lucene search

[email protected]NVD:CVE-2023-45779

HistoryDec 04, 2023 - 11:15 p.m.

CVE-2023-45779

2023-12-0423:15:26

[email protected]

web.nvd.nist.gov

aosp

apex module

framework

crypto

vulnerability

local escalation

privilege

exploitation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.

Affected configurations

Nvd

Node

googleandroidMatch-

VendorProductVersionCPE
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	-	cpe:2.3:o:google:android:-:::::::*

References

github.com/metaredteam/external-disclosures/security/advisories/GHSA-wmcc-g67r-9962

rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html

source.android.com/security/bulletin/2023-12-01

www.fairphone.com/en/2024/01/30/security-update-apex-modules-vulnerability-fixed/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-45779

cve1 githubexploit1 cvelist1 prion1