In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160806.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-bulletin/February-2022 | Vendor Advisory |
History
11 Feb 2022, 20:29
Type | Values Removed | Values Added |
---|---|---|
First Time | Mediatek mt6779 Mediatek mt6763 Mediatek mt6885 Mediatek mt6771 Mediatek mt6891 Mediatek mt6853 Mediatek mt6739 Google android Mediatek mt6785 Mediatek mt6875 Mediatek mt6893 Mediatek mt6781 Mediatek mt6765 Mediatek mt6833 Mediatek mt6873 Mediatek mt6580 Mediatek mt6735 Mediatek mt6768 Mediatek mt6769 Mediatek mt6877 Mediatek Mediatek mt6761 Mediatek mt6799 | |
CWE | CWE-295 | |
CPE | cpe:2.3:h:mediatek:mt6799:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:* |
References | (MISC) https://corp.mediatek.com/product-security-bulletin/February-2022 - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 4.6 v3 : 6.8 |
09 Feb 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-09 23:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-20034
Mitre link : CVE-2022-20034
CVE.ORG link : CVE-2022-20034
Products Affected
mediatek
- mt6875
- mt6768
- mt6779
- mt6885
- mt6763
- mt6781
- mt6799
- mt6735
- mt6769
- mt6873
- mt6833
- mt6891
- mt6893
- mt6765
- mt6877
- mt6785
- mt6739
- mt6853
- mt6761
- mt6771
- mt6580
google
- android
CWE
CWE-295
Improper Certificate Validation