ID

VAR-202307-1493


CVE

CVE-2023-35692


TITLE

Google Pixel Input Validation Error Vulnerability (CNVD-2023-65159)

Trust: 0.6

sources: CNVD: CNVD-2023-65159

DESCRIPTION

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone from Google. Google Pixel has an input validation error vulnerability, which stems from the failure to properly validate user input in GeoLocation.java. Attackers can use this vulnerability to elevate local privileges.

Trust: 1.53

sources: NVD: CVE-2023-35692 // CNVD: CNVD-2023-65159 // VULMON: CVE-2023-35692

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-65159

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: -

Trust: 1.0

vendor: google, model: pixel, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-65159 // NVD: CVE-2023-35692

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-35692
value: HIGH

Trust: 1.0

CNVD: CNVD-2023-65159
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202307-1310
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-65159
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-35692
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2023-65159 // CNNVD: CNNVD-202307-1310 // NVD: CVE-2023-35692

PROBLEMTYPE DATA

problemtype: CWE-273

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2023-35692

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202307-1310

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202307-1310

PATCH

title: Patch for Google Pixel Input Validation Error Vulnerability (CNVD-2023-65159)
url: https://www.cnvd.org.cn/patchInfo/show/447151

Trust: 0.6

title: Google Pixel Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=246177

Trust: 0.6

sources: CNVD: CNVD-2023-65159 // CNNVD: CNNVD-202307-1310

EXTERNAL IDS

db: NVD, id: CVE-2023-35692

Trust: 2.3

db: CNVD, id: CNVD-2023-65159

Trust: 0.6

db: CNNVD, id: CNNVD-202307-1310

Trust: 0.6

db: VULMON, id: CVE-2023-35692

Trust: 0.1

sources: CNVD: CNVD-2023-65159 // VULMON: CVE-2023-35692 // CNNVD: CNNVD-202307-1310 // NVD: CVE-2023-35692

REFERENCES

url:https://source.android.com/security/bulletin/pixel/2023-07-01

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-35692

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-35692/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-65159 // VULMON: CVE-2023-35692 // CNNVD: CNNVD-202307-1310 // NVD: CVE-2023-35692

SOURCES

db: CNVD, id: CNVD-2023-65159
db: VULMON, id: CVE-2023-35692
db: CNNVD, id: CNNVD-202307-1310
db: NVD, id: CVE-2023-35692

LAST UPDATE DATE

2024-10-31T23:15:05.978000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-65159, date: 2023-08-28T00:00:00
db: VULMON, id: CVE-2023-35692, date: 2023-07-14T00:00:00
db: CNNVD, id: CNNVD-202307-1310, date: 2023-07-24T00:00:00
db: NVD, id: CVE-2023-35692, date: 2024-10-31T16:35:02.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-65159, date: 2023-07-27T00:00:00
db: VULMON, id: CVE-2023-35692, date: 2023-07-14T00:00:00
db: CNNVD, id: CNNVD-202307-1310, date: 2023-07-14T00:00:00
db: NVD, id: CVE-2023-35692, date: 2023-07-14T16:15:14.160