CVE-2023-48418 - OpenCVE

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Pixel Watch Pixel Watch Firmware

Configuration 1 [-]

AND

cpe:2.3:h:google:pixel_watch:11:*:*:*:*:*:*:*

cpe:2.3:o:google:pixel_watch_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html
https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published: 2024-01-02T22:25:31.573Z

Updated: 2024-08-02T21:30:35.154Z

Reserved: 2023-11-16T16:28:09.701Z

Link: CVE-2023-48418

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-02T23:15:11.000

Modified: 2024-01-10T23:15:09.053

Link: CVE-2023-48418

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48418", "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "state": "PUBLISHED", "assignerShortName": "Google_Devices", "dateReserved": "2023-11-16T16:28:09.701Z", "datePublished": "2024-01-02T22:25:31.573Z", "dateUpdated": "2024-08-02T21:30:35.154Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Android"], "product": "Pixel Watch", "vendor": "Google", "versions": [{"status": "affected", "version": "11"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"> In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a</span><br><span style=\"background-color: rgb(255, 255, 255);\">    possible way to access adb before SUW completion due to an insecure default</span><br><span style=\"background-color: rgb(255, 255, 255);\">    value. This could lead to local escalation of privilege with no additional</span><br><span style=\"background-color: rgb(255, 255, 255);\">    execution privileges needed. User interaction is not needed for</span><br><span style=\"background-color: rgb(255, 255, 255);\">    exploitation</span><br>"}], "value": "\u00a0In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\n\u00a0 \u00a0 possible way to access adb before SUW completion due to an insecure default\n\u00a0 \u00a0 value. This could lead to local escalation of privilege with no additional\n\u00a0 \u00a0 execution privileges needed. User interaction is not needed for\n\u00a0 \u00a0 exploitation\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices", "dateUpdated": "2024-01-02T22:25:31.573Z"}, "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"}, {"url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html"}], "source": {"discovery": "UNKNOWN"}, "title": "User Build misconfiguration resulting in local escalation of privilege", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:35.154Z"}, "title": "CVE Program Container", "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:google:pixel_watch:11:*:*:*:*:*:*:*", "matchCriteriaId": "ACD23DFF-E651-4901-847B-10A14669BEED", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:pixel_watch_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E04969E8-7B37-48E1-89F9-02ABE00C9F4D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\u00a0In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a\n\u00a0 \u00a0 possible way to access adb before SUW completion due to an insecure default\n\u00a0 \u00a0 value. This could lead to local escalation of privilege with no additional\n\u00a0 \u00a0 execution privileges needed. User interaction is not needed for\n\u00a0 \u00a0 exploitation\n"}, {"lang": "es", "value": "En checkDebuggingDisallowed de DeviceVersionFragment.java, existe una forma posible de acceder a adb antes de que se complete SUW debido a un valor predeterminado inseguro. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."}], "id": "CVE-2023-48418", "lastModified": "2024-01-10T23:15:09.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "dsap-vuln-management@google.com", "type": "Secondary"}]}, "published": "2024-01-02T23:15:11.000", "references": [{"source": "dsap-vuln-management@google.com", "url": "http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html"}, {"source": "dsap-vuln-management@google.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01"}], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "dsap-vuln-management@google.com", "type": "Secondary"}]}