Possible Permission Bypass Vulnerability in Multiple Locations
CVE-2024-40654

7.8HIGH

Key Information:

Vendor: None specified
Status: Android
Vendor: CVE Published:; 11 September 2024

🔔 Create None specified Vulnerability Alert

What is CVE-2024-40654?

A permission bypass vulnerability has been identified within the Android Settings app, exposing users to potential local escalation of privileges. This issue arises from a confused deputy scenario occurring in multiple locations within the app code. Exploitation of this vulnerability requires user interaction, emphasizing the necessity for awareness and caution while using or configuring Android devices. Updates and patches are crucial to mitigate these risks and preserve the integrity of user permissions.

References

https://android.googlesource.com/platform/packages/apps/S...

https://source.android.com/security/bulletin/2024-09-01

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2024