7.8

CVE-2023-45777

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version13.0
GoogleAndroid Version14.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.262
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6
Patch
Mailing List
https://source.android.com/security/bulletin/2023-12-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6
Patch
Mailing List