Lucene search

GoogleOSV:ASB-A-221859734

HistorySep 01, 2022 - 12:00 a.m.

[Multiple users join the WI-FI network by scanning the QR code]

2022-09-0100:00:00

Google

osv.dev

wi-fi network

permissions bypass

local escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

android.googlesource.com/platform/packages/modules/Wifi/+/737e26535baeb007b9034f581b4616699b05725f

source.android.com/security/bulletin/2022-09-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-221859734