nvd-json-data-feeds/CVE-2023/CVE-2023-209xx/CVE-2023-20924.json

{
  "id": "CVE-2023-20924",
  "sourceIdentifier": "security@android.com",
  "published": "2023-01-26T21:18:11.833",
  "lastModified": "2023-02-01T20:16:24.707",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A"
    },
    {
      "lang": "es",
      "value": "En (TBD) de (TBD), existe una forma posible de omitir la pantalla de bloqueo debido a una falla de autenticaci\u00f3n biom\u00e9trica. Esto podr\u00eda conducir a una escalada local de privilegios con acceso f\u00edsico al dispositivo sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n.Producto: AndroidVersiones: kernel de AndroidID de Android: A-240428519Referencias: N/A"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "PHYSICAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://source.android.com/security/bulletin/pixel/2023-01-01",
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}