CVE-2023-20944
HIGHAndroid - Local Privilege Escalation via Unsafe Deserialization in ChooseTypeAndAccountActivity
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-20944. PoCs published by Trinadh465.
AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2023-20944, targeting Android's autofill framework. The code includes test cases and a custom autofill service to demonstrate the vulnerability, likely involving improper handling of autofill requests.
Description
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558
Exploits (1)
This repository contains a proof-of-concept exploit for CVE-2023-20944, targeting Android's autofill framework. The code includes test cases and a custom autofill service to demonstrate the vulnerability, likely involving improper handling of autofill requests.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H