CVE-2023-48418
User Build misconfiguration resulting in local escalation of privilege
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
02 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a
possible way to access adb before SUW completion due to an insecure default
value. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Google · Pixel Watch