In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2023-06-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Jun 2023, 20:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* |
|
CWE | CWE-327 | |
References | (MISC) https://source.android.com/security/bulletin/2023-06-01 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Google
Google android |
15 Jun 2023, 20:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-15 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-21115
Mitre link : CVE-2023-21115
CVE.ORG link : CVE-2023-21115
JSON object : View
Products Affected
- android
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm