CVE-2023-21252 — Frameworks OPT NET Wifi vulnerability

5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 89.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks OPT NET Wifi Platform Packages Modules Wifi Google Android

Timeline

PublishedOct 6

Description

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Androidplatform/packages_modules_wifi14-next:0 — 14-next:2023-10-01+3

▶Androidplatform/frameworks_opt_net_wifi11:0 — 11:2023-10-01

▶CVEListV5google/android4 versions+3

▶NVDgoogle/android4 versions+3

Patches

Patch: android.googlesource.com ↗Patch: android.googlesource.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-21252: In validatePassword of WifiConfigurationUtil↗2023-10-06

▶

GHSA

GHSA-hvvj-89c5-jx49: In validatePassword of WifiConfigurationUtil↗2023-10-06

▶

OSV

CVE-2023-21252: In validatePassword of WifiConfigurationUtil↗2023-10-01

▶

📋Vendor Advisories

Android

CVE-2023-21252: Android Security Bulletin 2023-10-01 CVE: CVE-2023-21252 Severity: HIGH Type: DoS Affected AOSP versions: 11, 12, 12L, 13 References: A-275339978 [2]↗2023-10-01

▶