exploitDog

CVE-2023-21135

Опубликовано: 15 июн. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119

Ссылки

https://source.android.com/security/bulletin/2023-06-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2023-06-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.0001

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

CWE-120

Связанные уязвимости

GHSA-c2q6-w4g5-fhfr

CVSS3: 7.8

github

больше 2 лет назад

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119

EPSS

Процентиль: 1%

0.0001

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

CWE-120