CVE-2023-48418
User Build misconfiguration resulting in local escalation of privilege
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
02 jan 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a
possible way to access adb before SUW completion due to an insecure default
value. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Google · Pixel Watch