KEVIntel
Back to KEVs
7.8
CVSS
High

CVE-2023-35674

PUBLISHED

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local...

Exploited in the wild Low complexity No user interaction
Vendor
Google
Product
Android
Published
Sep 11, 2023
EPSS

Description

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

java windows android cisa

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-09-13 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Sep 13, 2023

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

Thampakon/CVE-2023-35674

github · Created 2023-09-11 05:34:43 UTC · 0 stars

ช่องโหว่ CVE-2023-35674 *สถานะ: ยังไม่เสร็จ*

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel