nvd-json-data-feeds/CVE-2022/CVE-2022-203xx/CVE-2022-20302.json

{
  "id": "CVE-2022-20302",
  "sourceIdentifier": "security@android.com",
  "published": "2022-08-12T15:15:11.570",
  "lastModified": "2022-08-15T22:56:47.320",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200746457"
    },
    {
      "lang": "es",
      "value": "En Settings, se presenta una posible forma de omitir las protecciones de restablecimiento de f\u00e1brica debido a un escape de sandbox. Esto podr\u00eda conllevar a una escalada local de privilegios si el atacante presenta acceso f\u00edsico al dispositivo, sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-13, ID de Android: A-200746457"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attackVector": "PHYSICAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://source.android.com/security/bulletin/android-13",
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}