Описание
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:google:pixel_watch_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:google:pixel_watch:11:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00057
Низкий
10 Critical
CVSS3
7.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 10
github
около 2 лет назад
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation
EPSS
Процентиль: 18%
0.00057
Низкий
10 Critical
CVSS3
7.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo