Insecure Default Value in checkDebuggingDisallowed Allows Local Privilege Escalation

Insecure Default Value in checkDebuggingDisallowed Allows Local Privilege Escalation

CVE-2023-48418 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation

Learn more about our User Device Pen Test.