CVE-2018-9477

Published: Nov 20, 2024Modified: Dec 18, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected (2)

Products: Google: Android

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 8.0
Google Android	Version 8.1

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

https://source.android.com/security/bulletin/2018-09-01

Source: security@android.com

PatchVendor Advisory

Timeline

No history available yet.