A local attacker may access and control the smart phone or read personal data from it.

Vulnerability details

A vulnerability in the Android operating system, which has been labeled CVE-2022-41593, could allow an attacker to execute malicious commands on a smart phone.
This vulnerability is related to the use of debug mode by some third-party applications. This can cause the Android OS to load and execute unsigned/non-packaged executables from a device's external storage. Although this vulnerability is being reported as "local," it does not require physical proximity for exploitation to occur.
To exploit this vulnerability, an attacker would need full access to the affected device. The affected device must have been connected to a network (e.g., Wi-Fi) for some time before exploitation can occur.
Exploitation of this vulnerability is possible only with a rooted device, or if the attacker has installed another application on their own devices that sets up debugging mode using USB debugging or ADB debugging.

Vulnerability summary

The vulnerability is located in the Android Smartphone application. An attacker can access and control the smart phone or read personal data from it.
Vulnerability severity: Medium

CVE-2023-41594

A remote attacker may access and control the smart phone or read personal data from it.

There are two separate vulnerabilities with the same CVE number that have differing severity. Even though they share the same vulnerability ID, each vulnerability is assigned a different severity by its respective CVSS score.

Timeline

Published on: 10/14/2022 16:15:00 UTC
Last modified on: 10/15/2022 01:52:00 UTC

References