{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23705", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "state": "PUBLISHED", "assignerShortName": "google_android", "dateReserved": "2024-01-20T00:17:15.383Z", "datePublished": "2024-05-07T21:03:30.866Z", "dateUpdated": "2024-08-01T23:13:07.248Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-07-09T20:12:22.171Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Elevation of privilege"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"version": "14", "status": "affected"}, {"version": "13", "status": "affected"}, {"version": "12L", "status": "affected"}, {"version": "12", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."}], "references": [{"url": "https://android.googlesource.com/platform/frameworks/base/+/032bee6dc118ce1cc3fde92463b2954c1450f2e8"}, {"url": "https://source.android.com/security/bulletin/2024-05-01"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23705", "role": "CISA Coordinator", "options": [{"Exploitation": "None"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-05-09T04:00:42.469174Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:google:android:12l:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "12l"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "13.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "14.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:45:55.905Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.248Z"}, "title": "CVE Program Container", "references": [{"url": "https://android.googlesource.com/platform/frameworks/base/+/032bee6dc118ce1cc3fde92463b2954c1450f2e8", "tags": ["x_transferred"]}, {"url": "https://source.android.com/security/bulletin/2024-05-01", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://android.googlesource.com/platform/frameworks/base/+/032bee6dc118ce1cc3fde92463b2954c1450f2e8", "tags": ["x_transferred"]}, {"url": "https://source.android.com/security/bulletin/2024-05-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.248Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23705", "role": "CISA Coordinator", "options": [{"Exploitation": "None"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-05-09T04:00:42.469174Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:google:android:12l:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "12l"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "13.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"], "vendor": "google", "product": "android", "versions": [{"status": "affected", "version": "14.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-09T13:02:39.086Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "14"}, {"status": "affected", "version": "13"}, {"status": "affected", "version": "12L"}, {"status": "affected", "version": "12"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://android.googlesource.com/platform/frameworks/base/+/032bee6dc118ce1cc3fde92463b2954c1450f2e8"}, {"url": "https://source.android.com/security/bulletin/2024-05-01"}], "descriptions": [{"lang": "en", "value": "In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Elevation of privilege"}]}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-07-09T20:12:22.171Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23705", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:13:07.248Z", "dateReserved": "2024-01-20T00:17:15.383Z", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "datePublished": "2024-05-07T21:03:30.866Z", "assignerShortName": "google_android"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."}, {"lang": "es", "value": "En varias ubicaciones, es posible que no se persistan o no se apliquen restricciones de usuario debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."}], "id": "CVE-2024-23705", "lastModified": "2024-07-03T01:48:00.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-07T21:15:08.680", "references": [{"source": "security@android.com", "url": "https://android.googlesource.com/platform/frameworks/base/+/032bee6dc118ce1cc3fde92463b2954c1450f2e8"}, {"source": "security@android.com", "url": "https://source.android.com/security/bulletin/2024-05-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}