ГлавнаяУязвимости → CVE-2023-48418
10критическая

CVE-2023-48418

Описание

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation

Затрагиваемое ПО
Google Pixel watch firmwareGoogle Pixel watch
CVSS
Балл10 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.htmlhttps://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.htmlhttps://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01