CVE-2022-20537

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description A missing permission check in the createDialog of WifiScanModeActivity.java allows a Guest user to enable location-sensitive settings. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations For Android version Android-13, apply the necessary permission checks in the createDialog of WifiScanModeActivity.java to prevent unauthorized access to location-sensitive settings.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2022-20537

Affected Products

Android

CVE-2022-20537

Weakness Enumeration

Related Identifiers

Affected Products

References · 3