exploitDog

CVE-2023-21230

Опубликовано: 14 авг. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Ссылки

https://source.android.com/security/bulletin/wear/2023-08-01
Broken Link
https://source.android.com/security/bulletin/wear/2023-08-01
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.0001

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-754

Связанные уязвимости

GHSA-876p-r622-7chq

CVSS3: 5.5

github

больше 2 лет назад

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS

Процентиль: 1%

0.0001

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-754