CVE-2024-0048

EPSS 0.02%
Veröffentlicht 11.03.2024 17:15:45
Zuletzt bearbeitet 16.12.2024 19:47:07
Quelle security@android.com
Teams Watchlist Login
Unerledigt Login

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version12.0

Google ≫ Android Version12.1

Google ≫ Android Version13.0

Google ≫ Android Version14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.036

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-230 Improper Handling of Missing Values

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

https://source.android.com/security/bulletin/2024-03-01

Patch

Vendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede

Patch

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-0048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0048

EUVD