NOMISEC-fuhei/CVE-2024-31317

NOMISEC WORKING POC

Exploit for CVE-2024-31317 - Google Android - Insecure Deserialization

AI Analysis

This repository contains a functional exploit for CVE-2024-31317, a command injection vulnerability in Android's Zygote process. The exploit leverages the `hidden_api_blacklist_exemptions` setting to inject malicious commands, potentially leading to local privilege escalation (LPE) by spawning a new process with elevated privileges.

Attack Type

LPE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 56

https://github.com/fuhei/CVE-2024-31317

Stars 64

Forks 18

Last Push Dec 05, 2024

Authors

fuhei

Vulnerability

CVE-2024-31317

Google Android - Insecure Deserialization

HIGH

CVSS 7.8