PT-2022-14624 · Google · Android
Published: 2022-09-01 · Updated: 2022-09-19
CVE-2022-20398
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Android version Android-13
Description
In the addOrUpdateNetwork function of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Recommendations
For Android version Android-13, update to a version that includes the fix for the permissions bypass issue in WifiServiceImpl.java. As a temporary workaround, consider restricting access to the addOrUpdateNetwork function to minimize the risk of exploitation.
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Android