CVE-2024-40650

EPSS 0.01%
Published 11.09.2024 00:15:11
Last modified 17.12.2024 19:08:50
Source security@android.com
Teams watchlist Login
Open Login

In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Android Version12.0

Google ≫ Android Version12.1

Google ≫ Android Version13.0

Google ≫ Android Version14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.008

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://source.android.com/security/bulletin/2024-09-01

Patch

Vendor Advisory

https://android.googlesource.com/platform/packages/apps/Settings/+/2968ccc911956fa5813a9a6a5e5c8970e383a60f

Patch

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-40650

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-40650

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-40650

EUVD