CVE-2022-20529 — Missing Authorization in Packages Apps Settings

CWE-862 — Missing Authorization CWE-668 — Resource Exposure4 documents4 sources

Severity

2.4LOWNVD

EPSS

0.0%

top 93.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Apps Settings Google Android

Timeline

PublishedDec 16

Latest updateDec 20

Description

In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages3 packages

▶Androidplatform/packages_apps_settings13:0 — 13:2022-12-01

▶CVEListV5google/androidAndroid-13

▶NVDgoogle/android13.0

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-57rw-93xc-4hpv: In multiple locations of WifiDialogActivity↗2022-12-20

▶

CVEList

CVE-2022-20529: In multiple locations of WifiDialogActivity↗2022-12-16

▶

OSV

CVE-2022-20529: In multiple locations of WifiDialogActivity↗2022-12-01

▶