PT-2022-14716 · Google · Android

Published: 2022-12-16 · Updated: 2025-04-21 · CVE-2022-20503

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android version Android-13

Description: In the onCreate method of WifiDppConfiguratorActivity.java, a missing permission check allows a guest user to add a WiFi configuration. This could lead to local escalation of privilege without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations: For Android version Android-13, update to a version that includes the fix for this issue to prevent local escalation of privilege. As a temporary workaround, consider restricting access to the WifiDppConfiguratorActivity to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-20503

Affected Products

Android