CVE-2018-9431

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Link	Resource
https://source.android.com/docs/security/bulletin/pixel/2018-07-01	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:8.0:::::::*
	cpe:2.3:o:google:android:8.1:::::::*

History

18 Dec 2024, 20:17

Type	Values Removed	Values Added
References	~~() https://source.android.com/docs/security/bulletin/pixel/2018-07-01 -~~	() https://source.android.com/docs/security/bulletin/pixel/2018-07-01 - Patch, Vendor Advisory
First Time		Google android Google
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:google:android:8.0:::::::* cpe:2.3:o:google:android:8.1:::::::*

03 Dec 2024, 15:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
Summary		(es) En OSUInfo de OSUInfo.java, existe una posible escalada de privilegios debido a una validación de entrada incorrecta. Esto podría provocar una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. No se necesita la interacción del usuario para la explotación.
CWE		CWE-276

02 Dec 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-02 22:15

Updated : 2024-12-18 20:17

NVD link : CVE-2018-9431

Mitre link : CVE-2018-9431

CVE.ORG link : CVE-2018-9431

JSON object : View

Products Affected

android

CWE

NVD-CWE-noinfo CWE-276

Incorrect Default Permissions

{"id": "CVE-2018-9431", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-12-02T22:15:09.210", "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due\u00a0to improper input validation. This could lead to local escalation of\u00a0privilege with no additional execution privileges needed. User interaction\u00a0is not needed for exploitation."}, {"lang": "es", "value": "En OSUInfo de OSUInfo.java, existe una posible escalada de privilegios debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."}], "lastModified": "2024-12-18T20:17:59.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"}, {"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}