CVE-2024-0042

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Link	Resource
https://source.android.com/security/bulletin/2024-04-01	Vendor Advisory
https://source.android.com/security/bulletin/2024-04-01	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

17 Dec 2024, 16:47

Type	Values Removed	Values Added
CPE		cpe:2.3:o:google:android:-:::::::*
First Time		Google android Google
References	~~() https://source.android.com/security/bulletin/2024-04-01 -~~	() https://source.android.com/security/bulletin/2024-04-01 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.6~~	v2 : unknown v3 : 7.8

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() https://source.android.com/security/bulletin/2024-04-01 -~~	() https://source.android.com/security/bulletin/2024-04-01 -

08 Jul 2024, 14:16

Type	Values Removed	Values Added
CWE	~~CWE-843~~	CWE-295

03 Jul 2024, 01:44

Type	Values Removed	Values Added
CWE		CWE-843
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.6

08 May 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 21:15

Updated : 2024-12-17 16:47

NVD link : CVE-2024-0042

Mitre link : CVE-2024-0042

CVE.ORG link : CVE-2024-0042

JSON object : View

Products Affected

android

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2024-0042", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}]}, "published": "2024-05-07T21:15:08.540", "references": [{"url": "https://source.android.com/security/bulletin/2024-04-01", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://source.android.com/security/bulletin/2024-04-01", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En TBD de TBD, existe una posible confusi\u00f3n entre los certificados OEM y DRM debido a un uso incorrecto de las criptomonedas. Esto podr\u00eda provocar una omisi\u00f3n local de la protecci\u00f3n de contenido DRM sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."}], "lastModified": "2024-12-17T16:47:02.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}