CVE-2023-20965

CVSS V2 None CVSS V3 None

Description

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Overview

CVE ID
CVE-2023-20965

Assigner
security@android.com

Vulnerability Status
Analyzed

Published Version
2023-08-14T21:15:10

Last Modified Date
2023-08-24T15:09:35

Weakness Enumerations

CWE	URL
CWE-522	http://cwe.mitre.org/data/definitions/522.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:o:google:android:13.0:-::::::	1	OR

References

Reference URL	Reference Tags
https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2	Patch
https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215f591605028e200b6eca8f7cc45a	Patch
https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b9772759546509f6fdb8648366099dd65ad	Patch
https://source.android.com/security/bulletin/2023-08-01	Patch Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-20965
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20965

History

Created	Old Value	New Value	Data Type	Notes
2023-09-06 03:43:41				Added to TrackCVE
2023-09-06 03:43:44			Weakness Enumeration	new