Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-4468

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-29 Dec, 2023 | 09:38
Updated At-02 Aug, 2024 | 07:31
Rejected At-
Credits

Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:29 Dec, 2023 | 09:38
Updated At:02 Aug, 2024 | 07:31
Rejected At:
▼CVE Numbering Authority (CNA)
Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability.

Affected Products
Vendor
Poly
Product
Trio 8500
Modules
  • Poly Lens Management Cloud Registration
Versions
Affected
  • n/a
Vendor
Poly
Product
Trio 8800
Modules
  • Poly Lens Management Cloud Registration
Versions
Affected
  • n/a
Vendor
Poly
Product
Trio C60
Modules
  • Poly Lens Management Cloud Registration
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.04.3MEDIUM
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2.04.6N/A
AV:L/AC:L/Au:N/C:P/I:P/A:P
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 4.6
Base severity: N/A
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Christoph Wolff
finder
Pascal Zenker
Timeline
EventDate
Advisory disclosed2023-12-29 00:00:00
VulDB entry created2023-12-29 01:00:00
VulDB entry last update2024-01-09 17:20:44
Event: Advisory disclosed
Date: 2023-12-29 00:00:00
Event: VulDB entry created
Date: 2023-12-29 01:00:00
Event: VulDB entry last update
Date: 2024-01-09 17:20:44
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.249261
vdb-entry
https://vuldb.com/?ctiid.249261
signature
permissions-required
https://modzero.com/en/advisories/mz-23-01-poly-voip/
related
https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902
related
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
exploit
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
related
Hyperlink: https://vuldb.com/?id.249261
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.249261
Resource:
signature
permissions-required
Hyperlink: https://modzero.com/en/advisories/mz-23-01-poly-voip/
Resource:
related
Hyperlink: https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902
Resource:
related
Hyperlink: https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
Resource:
exploit
Hyperlink: https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
Resource:
related
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.249261
vdb-entry
x_transferred
https://vuldb.com/?ctiid.249261
signature
permissions-required
x_transferred
https://modzero.com/en/advisories/mz-23-01-poly-voip/
related
x_transferred
https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902
related
x_transferred
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
exploit
x_transferred
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
related
x_transferred
Hyperlink: https://vuldb.com/?id.249261
Resource:
vdb-entry
x_transferred
Hyperlink: https://vuldb.com/?ctiid.249261
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://modzero.com/en/advisories/mz-23-01-poly-voip/
Resource:
related
x_transferred
Hyperlink: https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902
Resource:
related
x_transferred
Hyperlink: https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
Resource:
exploit
x_transferred
Hyperlink: https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
Resource:
related
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:29 Dec, 2023 | 10:15
Updated At:17 May, 2024 | 02:31

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.6HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Secondary3.14.3MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
poly
poly
>>trio_8800_firmware>>-
cpe:2.3:o:poly:trio_8800_firmware:-:*:*:*:*:*:*:*
poly
poly
>>trio_8800>>-
cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*
poly
poly
>>trio_c60>>-
cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*
poly
poly
>>trio_c60>>-
cpe:2.3:h:poly:trio_c60:-:*:*:*:*:*:*:*
poly
poly
>>lens>>-
cpe:2.3:a:poly:lens:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarycna@vuldb.com
CWE ID: CWE-862
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.htmlcna@vuldb.com
Not Applicable
https://github.com/modzero/MZ-23-01-Poly-VoIP-Devicescna@vuldb.com
N/A
https://modzero.com/en/advisories/mz-23-01-poly-voip/cna@vuldb.com
N/A
https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/nvd@nist.gov
Third Party Advisory
https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902cna@vuldb.com
N/A
https://vuldb.com/?ctiid.249261cna@vuldb.com
Permissions Required
Third Party Advisory
https://vuldb.com/?id.249261cna@vuldb.com
Third Party Advisory
Hyperlink: https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
Source: cna@vuldb.com
Resource:
Not Applicable
Hyperlink: https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://modzero.com/en/advisories/mz-23-01-poly-voip/
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/
Source: nvd@nist.gov
Resource:
Third Party Advisory
Hyperlink: https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.249261
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://vuldb.com/?id.249261
Source: cna@vuldb.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2021-39734
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2021-39758
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.54%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205130886

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2019-2090
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.81%
||
7 Day CHG~0.00%
Published-07 Jun, 2019 | 19:31
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128599183

Action-Not Available
Vendor-AndroidGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2017-13247
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-12 Feb, 2018 | 19:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2019-2026
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.66%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 19:15
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0Android ID: A-120866126

Action-Not Available
Vendor-AndroidGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2021-0547
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.66%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 11:11
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2021-0513
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 16:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2019-10167
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 13.38%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 12:05
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Action-Not Available
Vendor-libvirtRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_desktoplibvirtlibvirt
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-0390
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 15:40
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174749461

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-23735
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 16:57
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges

Action-Not Available
Vendor-saibon/a
Product-cyber_game_acceleratorn/a
CWE ID-CWE-862
Missing Authorization
CVE-2020-14971
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.04%
||
7 Day CHG~0.00%
Published-23 Jun, 2020 | 13:41
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again.

Action-Not Available
Vendor-pi-holen/a
Product-pi-holen/a
CWE ID-CWE-862
Missing Authorization
CVE-2017-17450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.75%
||
7 Day CHG~0.00%
Published-07 Dec, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-862
Missing Authorization
CVE-2017-11042
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-862
Missing Authorization
CVE-2020-0054
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 20:04
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146642727

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found