OpenCVE

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Google	Android
Unisoc	Sc7731e Sc9832e Sc9863a T606 T610 T612 T616 T618

Configuration 1 [-]

AND

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:unisoc:sc7731e:-:::::::*
	cpe:2.3:h:unisoc:sc9832e:-:::::::*
	cpe:2.3:h:unisoc:sc9863a:-:::::::*
	cpe:2.3:h:unisoc:t606:-:::::::*
	cpe:2.3:h:unisoc:t610:-:::::::*
	cpe:2.3:h:unisoc:t612:-:::::::*
	cpe:2.3:h:unisoc:t616:-:::::::*
	cpe:2.3:h:unisoc:t618:-:::::::*

No data.

References

Link	Providers
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434

History

Wed, 02 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Unisoc

Published: 2023-09-04T01:16:07.608Z

Updated: 2024-10-02T14:34:19.692Z

Reserved: 2023-07-18T07:24:19.587Z

Link: CVE-2023-38456

Vulnrichment

Updated: 2024-08-02T17:39:13.617Z

NVD

Status : Modified

Published: 2023-09-04T02:15:09.517

Modified: 2024-11-21T08:13:36.820

Link: CVE-2023-38456

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38456", "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "state": "PUBLISHED", "assignerShortName": "Unisoc", "dateReserved": "2023-07-18T07:24:19.587Z", "datePublished": "2023-09-04T01:16:07.608Z", "dateUpdated": "2024-10-02T14:34:19.692Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc", "dateUpdated": "2023-09-04T01:16:07.608Z"}, "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}], "affected": [{"defaultStatus": "unaffected", "product": "SC7731E/SC9832E/SC9863A/T606/T612/T616/T610/T618", "versions": [{"version": "Android9/Android10/Android11", "status": "affected"}], "vendor": "Unisoc (Shanghai) Technologies Co., Ltd."}], "descriptions": [{"lang": "en", "value": "In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.617Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "unisoc", "product": "sc7731e", "cpes": ["cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}, {"vendor": "unisoc", "product": "sc9832e", "cpes": ["cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}, {"vendor": "unisoc", "product": "sc9863a", "cpes": ["cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}, {"vendor": "unisoc", "product": "t606", "cpes": ["cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}, {"vendor": "unisoc", "product": "t612", "cpes": ["cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}, {"vendor": "unisoc", "product": "t616", "cpes": ["cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}, {"vendor": "unisoc", "product": "t610", "cpes": ["cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}, {"vendor": "unisoc", "product": "t618", "cpes": ["cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "android9_android_10_android11", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T14:20:47.101460Z", "id": "CVE-2023-38456", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:34:19.692Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.617Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38456", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T14:20:47.101460Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "sc7731e", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "sc9832e", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "sc9863a", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "t606", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "t612", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "t616", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "t610", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*"], "vendor": "unisoc", "product": "t618", "versions": [{"status": "affected", "version": "android9_android_10_android11"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:23:08.487Z"}}], "cna": {"affected": [{"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "product": "SC7731E/SC9832E/SC9863A/T606/T612/T616/T610/T618", "versions": [{"status": "affected", "version": "Android9/Android10/Android11"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}], "descriptions": [{"lang": "en", "value": "In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges"}], "providerMetadata": {"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc", "dateUpdated": "2023-09-04T01:16:07.608Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38456", "state": "PUBLISHED", "dateUpdated": "2024-10-02T14:34:19.692Z", "dateReserved": "2023-07-18T07:24:19.587Z", "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "datePublished": "2023-09-04T01:16:07.608Z", "assignerShortName": "Unisoc"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges"}, {"lang": "es", "value": "En vowifiservice, es posible que falte una comprobaci\u00f3n de permisos. Esto podr\u00eda dar lugar a una escalada local de privilegios sin privilegios de ejecuci\u00f3n adicionales. "}], "id": "CVE-2023-38456", "lastModified": "2024-11-21T08:13:36.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-04T02:15:09.517", "references": [{"source": "security@unisoc.com", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}], "sourceIdentifier": "security@unisoc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}