CVE-2018-9477

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 294

Summary

CVE-2018-9477 is a vulnerability affecting the Settings app that allows for local privilege escalation. In the development options section of the app, a missing permission check creates an opportunity for authentication bypass. With no additional execution privileges required, exploitation necessitates user interaction, making it a potential threat to system security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/WIPwIT
https://www.cve.org/CVERecord?id=CVE-2018-9477
https://nvd.nist.gov/vuln/detail/CVE-2018-9477

Back to Vulnerability Database