CVE-2022-28348 — Vulnetix

CVE-2022-28348 PUBLISHED CVSS 9.300000190734863 CRITICAL

In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Framework", "System", "Google Play System Updates", "ARM components", "MediaTek components", "Unisoc components", "Qualcomm components" sowie"Qualcomm closed-source components". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.

EPSS 0.63% · 70.7th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.63%

70.7th percentile

Affected Products

Vendor	Product	Versions
Google	Google Android 12L
Google	Google Android 11
Google	Google Android 12
Google	Google Android 13

Exploit Intelligence

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin (circl)
https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-adds-four-known-exploited-vulnerabilities-catalog (certbund)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
CVE-2023-4863.yar (github-yara)
CVE-2023-4863.yar (github-yara)
CVE-2023-4863.yar (github-yara)

…and 2 more exploits

Timeline

May 19, 2022 EPSS Score
May 19, 2022 CVE Published
Jul 7, 2022 EPSS Score
Aug 26, 2022 EPSS Score
Oct 14, 2022 EPSS Score
Dec 2, 2022 EPSS Score
Jan 20, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 10, 2023 EPSS Score
Apr 28, 2023 EPSS Score
Jun 16, 2023 EPSS Score
Aug 4, 2023 EPSS Score

References

Open in Interactive Console →