CVE-2022-20138

HIGH

Android - Missing Authorization in DevicePolicyManagerService

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-20138. PoCs published by Trinadh465, ShaikUsaf.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-20138, targeting Android's autofill framework. The code demonstrates how an attacker could manipulate autofill services to trigger unintended behavior, potentially leading to information disclosure or denial of service.

Description

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972

Exploits (2)

nomisec WORKING POC 1 stars

by Trinadh465 · poc

https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-20138, targeting Android's autofill framework. The code demonstrates how an attacker could manipulate autofill services to trigger unintended behavior, potentially leading to information disclosure or denial of service.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Android Autofill Framework (AOSP 10 r33)

No auth needed

Prerequisites: Access to a vulnerable Android device · Ability to install a malicious autofill service

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by ShaikUsaf · poc

https://github.com/ShaikUsaf/ShaikUsaf-frameworks_base_AOSP10_r33_CVE-2022-20138

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-20138, which is a vulnerability in the Android managed provisioning framework. The exploit leverages the TrampolineActivity to bypass intended restrictions and execute arbitrary activities with elevated privileges.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Android Open Source Project (AOSP) frameworks/base, specifically managed provisioning components

No auth needed

Prerequisites: Access to a vulnerable Android device · Ability to install or trigger the malicious activity

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/2022-06-01

Scores

CVSS v3 7.8

EPSS 0.0021

EPSS Percentile 11.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (4)

google/android 10.0

google/android 11.0

google/android 12.0

google/android 12.1

Published Jun 15, 2022

Tracked Since Feb 18, 2026