CVE-2024-44096

there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://source.android.com/security/bulletin/pixel/2024-09-01	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

18 Sep 2024, 13:33

Type	Values Removed	Values Added
CWE		CWE-1188
First Time		Google android Google
CPE		cpe:2.3:o:google:android:-:::::::*
References	~~() https://source.android.com/security/bulletin/pixel/2024-09-01 -~~	() https://source.android.com/security/bulletin/pixel/2024-09-01 - Vendor Advisory

16 Sep 2024, 15:35

Type	Values Removed	Values Added
Summary		(es) Existe la posibilidad de una lectura arbitraria debido a un valor predeterminado inseguro. Esto podría provocar la divulgación de información local, con privilegios de ejecución de System necesarios. No se necesita la interacción del usuario para la explotación.
CWE		CWE-453
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.4

13 Sep 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-13 21:15

Updated : 2024-09-18 13:33

NVD link : CVE-2024-44096

Mitre link : CVE-2024-44096

CVE.ORG link : CVE-2024-44096

JSON object : View

Products Affected

google

android

CWE

CWE-1188

Insecure Default Initialization of Resource

CWE-453

Insecure Default Variable Initialization

{"id": "CVE-2024-44096", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-09-13T21:15:10.777", "references": [{"url": "https://source.android.com/security/bulletin/pixel/2024-09-01", "tags": ["Vendor Advisory"], "source": "dsap-vuln-management@google.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1188"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-453"}]}], "descriptions": [{"lang": "en", "value": "there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "Existe la posibilidad de una lectura arbitraria debido a un valor predeterminado inseguro. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local, con privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."}], "lastModified": "2024-09-18T13:33:37.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "dsap-vuln-management@google.com"}