Search criteria
5 vulnerabilities found for Pixel Watch by Google
VAR-202401-0564
Vulnerability from variot - Updated: 2024-02-29 23:12In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation . Google of pixel watch There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel Watch is a smart watch made by the American company Google.
Google Pixel Watch privilege escalation vulnerability. This vulnerability is due to an unsafe default value flaw in the checkDebuggingDisabled function in DeviceVersionFragment.java. An attacker can use this vulnerability to obtain elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-0564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pixel watch",
"scope": "eq",
"trust": 1.8,
"vendor": "google",
"version": null
},
{
"model": "pixel watch",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "pixel watch",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "pixel watch firmware"
},
{
"model": "pixel watch",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "11"
},
{
"model": "pixel watch firmwar",
"scope": null,
"trust": 0.6,
"vendor": "google",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:pixel_watch_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:google:pixel_watch:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"cve": "CVE-2023-48418",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-10332",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "dsap-vuln-management@google.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-48418",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-48418",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "dsap-vuln-management@google.com",
"id": "CVE-2023-48418",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2024-10332",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"db": "NVD",
"id": "CVE-2023-48418"
},
{
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u00a0In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\n\u00a0 \u00a0 possible way to access adb before SUW completion due to an insecure default\n\u00a0 \u00a0 value. This could lead to local escalation of privilege with no additional\n\u00a0 \u00a0 execution privileges needed. User interaction is not needed for\n\u00a0 \u00a0 exploitation\n. Google of pixel watch There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel Watch is a smart watch made by the American company Google. \n\r\n\r\nGoogle Pixel Watch privilege escalation vulnerability. This vulnerability is due to an unsafe default value flaw in the checkDebuggingDisabled function in DeviceVersionFragment.java. An attacker can use this vulnerability to obtain elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-48418"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"db": "VULMON",
"id": "CVE-2023-48418"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-48418",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "176446",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024584",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-10332",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-48418",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"db": "VULMON",
"id": "CVE-2023-48418"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"id": "VAR-202401-0564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
}
]
},
"last_update_date": "2024-02-29T23:12:50.065000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Google Pixel Watch Privilege Elevation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/528306"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/176446/android-deviceversionfragment.java-privilege-escalation.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"db": "VULMON",
"id": "CVE-2023-48418"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"db": "VULMON",
"id": "CVE-2023-48418"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"date": "2024-01-02T00:00:00",
"db": "VULMON",
"id": "CVE-2023-48418"
},
{
"date": "2024-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"date": "2024-01-02T23:15:11",
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-10332"
},
{
"date": "2024-01-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-48418"
},
{
"date": "2024-02-01T02:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-024584"
},
{
"date": "2024-01-10T23:15:09.053000",
"db": "NVD",
"id": "CVE-2023-48418"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google\u00a0 of \u00a0pixel\u00a0watch\u00a0 Firmware vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024584"
}
],
"trust": 0.8
}
}
CVE-2023-48418 (GCVE-0-2023-48418)
Vulnerability from cvelistv5 – Published: 2024-01-02 22:25 – Updated: 2025-06-03 14:45
VLAI?
Title
User Build misconfiguration resulting in local escalation of privilege
Summary
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a
possible way to access adb before SUW completion due to an insecure default
value. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation
Severity ?
10 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pixel Watch |
Affected:
11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:30:35.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:41:16.354905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:45:10.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Pixel Watch",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; possible way to access adb before SUW completion due to an insecure default\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; value. This could lead to local escalation of privilege with no additional\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; execution privileges needed. User interaction is not needed for\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; exploitation\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\n\u00a0 \u00a0 possible way to access adb before SUW completion due to an insecure default\n\u00a0 \u00a0 value. This could lead to local escalation of privilege with no additional\n\u00a0 \u00a0 execution privileges needed. User interaction is not needed for\n\u00a0 \u00a0 exploitation"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T23:06:12.635Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
},
{
"url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User Build misconfiguration resulting in local escalation of privilege",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2023-48418",
"datePublished": "2024-01-02T22:25:31.573Z",
"dateReserved": "2023-11-16T16:28:09.701Z",
"dateUpdated": "2025-06-03T14:45:10.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4164 (GCVE-0-2023-4164)
Vulnerability from cvelistv5 – Published: 2024-01-02 21:20 – Updated: 2024-09-06 17:52
VLAI?
Title
There is a possible information disclosure due to a missing permission check in Pixel Watch
Summary
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.
Severity ?
8.4 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pixel Watch |
Unknown:
v10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:google:pixel_watch:10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel_watch",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T19:31:26.198837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:52:41.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Pixel Watch",
"vendor": "Google",
"versions": [
{
"status": "unknown",
"version": "v10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a possible information\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edisclosure due to a missing permission check. This could lead to local\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003einformation disclosure of health data with no additional execution\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;privileges needed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is a possible information\u00a0disclosure due to a missing permission check. This could lead to local\u00a0information disclosure of health data with no additional execution\u00a0privileges needed.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-02T21:20:15.891Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "There is a possible information disclosure due to a missing permission check in Pixel Watch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2023-4164",
"datePublished": "2024-01-02T21:20:15.891Z",
"dateReserved": "2023-08-04T20:20:39.581Z",
"dateUpdated": "2024-09-06T17:52:41.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48418 (GCVE-0-2023-48418)
Vulnerability from nvd – Published: 2024-01-02 22:25 – Updated: 2025-06-03 14:45
VLAI?
Title
User Build misconfiguration resulting in local escalation of privilege
Summary
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a
possible way to access adb before SUW completion due to an insecure default
value. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation
Severity ?
10 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pixel Watch |
Affected:
11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:30:35.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:41:16.354905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:45:10.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Pixel Watch",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; possible way to access adb before SUW completion due to an insecure default\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; value. This could lead to local escalation of privilege with no additional\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; execution privileges needed. User interaction is not needed for\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; \u0026nbsp; exploitation\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\n\u00a0 \u00a0 possible way to access adb before SUW completion due to an insecure default\n\u00a0 \u00a0 value. This could lead to local escalation of privilege with no additional\n\u00a0 \u00a0 execution privileges needed. User interaction is not needed for\n\u00a0 \u00a0 exploitation"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T23:06:12.635Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
},
{
"url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User Build misconfiguration resulting in local escalation of privilege",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2023-48418",
"datePublished": "2024-01-02T22:25:31.573Z",
"dateReserved": "2023-11-16T16:28:09.701Z",
"dateUpdated": "2025-06-03T14:45:10.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4164 (GCVE-0-2023-4164)
Vulnerability from nvd – Published: 2024-01-02 21:20 – Updated: 2024-09-06 17:52
VLAI?
Title
There is a possible information disclosure due to a missing permission check in Pixel Watch
Summary
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed.
Severity ?
8.4 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pixel Watch |
Unknown:
v10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:google:pixel_watch:10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pixel_watch",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T19:31:26.198837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:52:41.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Pixel Watch",
"vendor": "Google",
"versions": [
{
"status": "unknown",
"version": "v10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a possible information\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edisclosure due to a missing permission check. This could lead to local\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003einformation disclosure of health data with no additional execution\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;privileges needed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is a possible information\u00a0disclosure due to a missing permission check. This could lead to local\u00a0information disclosure of health data with no additional execution\u00a0privileges needed.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-02T21:20:15.891Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "There is a possible information disclosure due to a missing permission check in Pixel Watch",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2023-4164",
"datePublished": "2024-01-02T21:20:15.891Z",
"dateReserved": "2023-08-04T20:20:39.581Z",
"dateUpdated": "2024-09-06T17:52:41.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}