gsd-2023-45777
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Aliases
Aliases
CVE-2023-45777


To clipboard 

{
  "GSD": {
    "alias": "CVE-2023-45777",
    "id": "GSD-2023-45777"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-45777"
      ],
      "details": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
      "id": "GSD-2023-45777",
      "modified": "2023-12-13T01:20:37.828139Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2023-45777",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Android",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "14"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6",
            "refsource": "MISC",
            "url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6"
          },
          {
            "name": "https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6",
            "refsource": "MISC",
            "url": "https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6"
          },
          {
            "name": "https://source.android.com/security/bulletin/2023-12-01",
            "refsource": "MISC",
            "url": "https://source.android.com/security/bulletin/2023-12-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
          },
          {
            "lang": "es",
            "value": "En checkKeyIntentParceledCorrectly de AccountManagerService.java, existe una forma posible de iniciar actividades arbitrarias utilizando privilegios del sistema debido a una falta de coincidencia de parcelas. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
          }
        ],
        "id": "CVE-2023-45777",
        "lastModified": "2024-02-02T03:14:19.097",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-12-04T23:15:26.623",
        "references": [
          {
            "source": "security@android.com",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6"
          },
          {
            "source": "security@android.com",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6"
          },
          {
            "source": "security@android.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://source.android.com/security/bulletin/2023-12-01"
          }
        ],
        "sourceIdentifier": "security@android.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.