admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-347xx/CVE-2024-34734.json
cad-safe-bot 47316cb78f Auto-Update: 2024-10-24T22:00:18.909139+00:00
2024-10-24 22:03:20 +00:00

64 lines
2.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-34734",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.337",
"lastModified": "2024-10-24T20:35:05.433",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": " En onForegroundServiceButtonClicked de FooterActionsViewModel.kt, existe una forma posible de desactivar la aplicaci\u00f3n VPN activa desde la pantalla de bloqueo debido a un valor predeterminado inseguro. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/207584fb6f820eba14251251d7e9331bfd57adb8",
"source": "security@android.com"
},
{
"url": "https://source.android.com/security/bulletin/2024-08-01",
"source": "security@android.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink