CVE-2022-20508

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description In the onAttach method of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-13, consider restricting access to the ConfigureWifiSettings.java module to minimize the risk of exploitation. As a temporary workaround, limit the privileges of guest users to prevent them from modifying WiFi settings until a patch is available.