PT-2023-17749 · Google · Android
Published
2023-03-01
·
Updated
2023-03-28
·
CVE-2023-20960
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions Android-12L through Android-13
Description
The issue is related to improper input validation in the
launchDeepLinkIntentToRight function of SettingsHomepageActivity.java. This could allow the launch of arbitrary activities, potentially leading to local escalation of privilege. User interaction is not required for exploitation, and the attack can be performed with User execution privileges.Recommendations
For Android versions Android-12L through Android-13, apply the fix provided by the Android security update to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android