CVE-2024-43088

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-862
View all →

Vulnerability Description

In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2017-13316

HIGH
CVSS:8.4(High)

In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution ...

CWE-8622017

CVE-2018-9469

HIGH
CVSS:8.4(High)

In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged ap...

CWE-8622018

CVE-2024-0038

HIGH
CVSS:8.4(High)

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of priv...

CWE-8622024

CVE-2024-31332

HIGH
CVSS:8.4(High)

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no addit...

CWE-8622024

CVE-2024-31813

HIGH
CVSS:8.4(High)

TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.

CWE-8622024

CVE-2024-40677

HIGH
CVSS:8.4(High)

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privi...

CWE-8622024