CVE-2024-34722

High

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a…

google_android·NVD-CWE-noinfo·Published 2024-07-09

CVSS

8.8

EPSS

0.00

KEV

Exploits

cve.orgen

293 chars

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

NVDen

293 chars

NVDes

344 chars

En smp_proc_rand de smp_act.cc, existe una posible omisión de autenticación durante el emparejamiento BLE heredado debido a una implementación incorrecta de un protocolo. Esto podría conducir a una escalada remota de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.4	—	—	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.4	—	—	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	7.4	1.4	5.9	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H