Vulnerability Description
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 13.0 |
Related Weaknesses (CWE)
References
- https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ePatch
- https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215fPatch
- https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b97727595Patch
- https://source.android.com/security/bulletin/2023-08-01PatchVendor Advisory
- https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ePatch
- https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215fPatch
- https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b97727595Patch
- https://source.android.com/security/bulletin/2023-08-01PatchVendor Advisory
FAQ
What is CVE-2023-20965?
CVE-2023-20965 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no add...
How severe is CVE-2023-20965?
CVE-2023-20965 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-20965?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.