exploitDog

CVE-2023-21115

Опубликовано: 15 июн. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033

Ссылки

https://source.android.com/security/bulletin/2023-06-01
Vendor Advisory
https://source.android.com/security/bulletin/2023-06-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00015

Низкий

8.8 High

CVSS3

Дефекты

CWE-327

Связанные уязвимости

GHSA-8mvr-47qj-w5j5

CVSS3: 8.8

github

больше 2 лет назад

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033

EPSS

Процентиль: 3%

0.00015

Низкий

8.8 High

CVSS3

Дефекты

CWE-327