CVE-2023-45777

{"id": "CVE-2023-45777", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-12-04T23:15:26.623", "references": [{"url": "https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6", "tags": ["Mailing List", "Patch"], "source": "security@android.com"}, {"url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6", "tags": ["Mailing List", "Patch"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2023-12-01", "tags": ["Patch", "Vendor Advisory"], "source": "security@android.com"}, {"url": "https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://source.android.com/security/bulletin/2023-12-01", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En checkKeyIntentParceledCorrectly de AccountManagerService.java, existe una forma posible de iniciar actividades arbitrarias utilizando privilegios del sistema debido a una falta de coincidencia de parcelas. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."}], "lastModified": "2024-11-21T08:27:21.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}