Lucene search
PRIOn knowledge basePRION:CVE-2023-20965HistoryAug 14, 2023 - 9:15 p.m.
Design/Logic Flaw
2023-08-1421:15:00
PRIOn knowledge base
www.prio-n.com
5
credential disclosure
clientmodeimpl
processmessageimpl
remote privilege escalation
tofu flow
logic error
no user interaction
nvd
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2
android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215f591605028e200b6eca8f7cc45a
android.googlesource.com/platform/packages/modules/Wifi/+/bd318b9772759546509f6fdb8648366099dd65ad
source.android.com/security/bulletin/2023-08-01
Related
nvd
nvd
CVE-2023-20965
2023-08-14 21:15:10
cve
cve
CVE-2023-20965
2023-08-14 21:15:10
cnvd
cnvd
Google Android elevation of privilege vulnerability (CNVD-2023-82066)
2023-08-16 00:00:00
cvelist
cvelist
CVE-2023-20965
2023-08-14 20:48:48
