Lucene search
HistorySep 04, 2024 - 6:15 a.m.
CVE-2024-34637
improper access control
windowmanagerservice
local attackers
service starting
android 12
android 13
android 14
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0
Percentile
9.6%
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
Affected configurations
Node
samsungandroidMatch12.0-
ORsamsungandroidMatch12.0smr_sep-2024-r1
ORsamsungandroidMatch13.0-
ORsamsungandroidMatch13.0smr-jun-2024-r1
ORsamsungandroidMatch14.0-
ORsamsungandroidMatch14.0smr-jun-2024-r1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr_sep-2024-r1:*:*:*:*:*:* |
| samsung | android | 13.0 | cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:* |
| samsung | android | 13.0 | cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:* |
| samsung | android | 14.0 | cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:* |
| samsung | android | 14.0 | cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:* |
Related
cve
cve
CVE-2024-34637
2024-09-04 06:15:11
cvelist
cvelist
CVE-2024-34637
2024-09-04 05:32:18
vulnrichment
vulnrichment
CVE-2024-34637
2024-09-04 05:32:18
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0
Percentile
9.6%
Related for NVD:CVE-2024-34637