ID

VAR-202303-1883


CVE

CVE-2023-21035


TITLE

Google of Android Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2023-005991

DESCRIPTION

In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-184847040. Google Android has a fraudulent authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Google Pixel is a smartphone from Google. Google Pixel has an authorization vulnerability. The vulnerability stems from improper permission management in multiple functions of BackupHelper.java. Attackers can use this vulnerability to cause privilege escalation.

Trust: 2.25

sources: NVD: CVE-2023-21035 // JVNDB: JVNDB-2023-005991 // CNVD: CNVD-2023-23561 // VULMON: CVE-2023-21035

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-23561

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 13.0

Trust: 1.8

vendor: google, model: android, scope: eq, version: -

Trust: 0.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-23561 // JVNDB: JVNDB-2023-005991 // NVD: CVE-2023-21035

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-21035
value: HIGH

Trust: 1.0

NVD: CVE-2023-21035
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-23561
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202303-1999
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-23561
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-21035
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-21035
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-23561 // JVNDB: JVNDB-2023-005991 // CNNVD: CNNVD-202303-1999 // NVD: CVE-2023-21035

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-005991 // NVD: CVE-2023-21035

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202303-1999

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-1999

PATCH

title: Patch for Google Pixel BackupHelper.java File Authorization Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/416866

Trust: 0.6

title: Google Pixel Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=231432

Trust: 0.6

sources: CNVD: CNVD-2023-23561 // CNNVD: CNNVD-202303-1999

EXTERNAL IDS

db: NVD, id: CVE-2023-21035

Trust: 3.9

db: JVNDB, id: JVNDB-2023-005991

Trust: 0.8

db: CNVD, id: CNVD-2023-23561

Trust: 0.6

db: CNNVD, id: CNNVD-202303-1999

Trust: 0.6

db: VULMON, id: CVE-2023-21035

Trust: 0.1

sources: CNVD: CNVD-2023-23561 // VULMON: CVE-2023-21035 // JVNDB: JVNDB-2023-005991 // CNNVD: CNNVD-202303-1999 // NVD: CVE-2023-21035

REFERENCES

url:https://source.android.com/security/bulletin/pixel/2023-03-01

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-21035

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2023-21035/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-23561 // VULMON: CVE-2023-21035 // JVNDB: JVNDB-2023-005991 // CNNVD: CNNVD-202303-1999 // NVD: CVE-2023-21035

SOURCES

db: CNVD, id: CNVD-2023-23561
db: VULMON, id: CVE-2023-21035
db: JVNDB, id: JVNDB-2023-005991
db: CNNVD, id: CNNVD-202303-1999
db: NVD, id: CVE-2023-21035

LAST UPDATE DATE

2024-08-14T15:10:55.279000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-23561, date: 2023-04-03T00:00:00
db: VULMON, id: CVE-2023-21035, date: 2023-03-24T00:00:00
db: JVNDB, id: JVNDB-2023-005991, date: 2023-11-13T01:26:00
db: CNNVD, id: CNNVD-202303-1999, date: 2023-03-31T00:00:00
db: NVD, id: CVE-2023-21035, date: 2023-03-30T01:16:44.360

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-23561, date: 2023-04-03T00:00:00
db: VULMON, id: CVE-2023-21035, date: 2023-03-24T00:00:00
db: JVNDB, id: JVNDB-2023-005991, date: 2023-11-13T00:00:00
db: CNNVD, id: CNNVD-202303-1999, date: 2023-03-24T00:00:00
db: NVD, id: CVE-2023-21035, date: 2023-03-24T20:15:13.797