← voltar
CVE-2023-48418

User Build misconfiguration resulting in local escalation of privilege

CVSS 10 CRITICALEPSS 0.2%CWE-269
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
02 jan 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Google · Pixel Watch