Lucene search

K
osvGoogleOSV:ASB-A-313428840
HistoryJun 01, 2024 - 12:00 a.m.

Missing permission checks in CompanionDeviceShellCommand.java

2024-06-0100:00:00
Google
osv.dev
companiondevicemanager
privilege escalation
user interaction

7 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%