CVE-2023-45777

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Link	Resource
https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6	Mailing List Patch
https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6	Mailing List Patch
https://source.android.com/security/bulletin/2023-12-01	Patch Vendor Advisory
https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6	Mailing List Patch
https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6	Mailing List Patch
https://source.android.com/security/bulletin/2023-12-01	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6 - Mailing List, Patch~~	() https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6 - Mailing List, Patch
References	~~() https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6 - Mailing List, Patch~~	() https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6 - Mailing List, Patch
References	~~() https://source.android.com/security/bulletin/2023-12-01 - Patch, Vendor Advisory~~	() https://source.android.com/security/bulletin/2023-12-01 - Patch, Vendor Advisory

Information

Published : 2023-12-04 23:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45777

Mitre link : CVE-2023-45777

CVE.ORG link : CVE-2023-45777

JSON object : View

Products Affected

android

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-45777", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-12-04T23:15:26.623", "references": [{"url": "https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6", "tags": ["Mailing List", "Patch"], "source": "[email protected]"}, {"url": "https://source.android.com/security/bulletin/2023-12-01", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://source.android.com/security/bulletin/2023-12-01", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En checkKeyIntentParceledCorrectly de AccountManagerService.java, existe una forma posible de iniciar actividades arbitrarias utilizando privilegios del sistema debido a una falta de coincidencia de parcelas. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."}], "lastModified": "2024-11-21T08:27:21.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}