CVERadar

CVE-2024-0038

Medium Severity

Google

SVRS

30/100

CVSSv3

7.8/10

EPSS

0.00026/1

CVE-2024-0038 allows for arbitrary input event injection in Android's AccessibilityManagerService, potentially leading to a local escalation of privilege. This vulnerability, found in injectInputEventToInputFilter, stems from a missing permission check. An attacker could exploit this to gain elevated privileges on a vulnerable device without requiring user interaction.

While the CVSS score is 7.8, indicating a high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower real-world risk compared to vulnerabilities with SVRS scores above 80. Despite the lower SVRS score, CVE-2024-0038 is still significant because it can be exploited locally, and escalation of privilege vulnerabilities are always a serious concern. The vulnerability involves AccessibilityManagerService. Addressing this issue prevents potential unauthorized access and control of Android devices. It is crucial to patch affected systems to mitigate this security risk.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-0038 | Google Android 14 AccessibilityManagerService.java injectInputEventToInputFilter permission

vuldb.com2024-12-16

CVE-2024-0038 | Google Android 14 AccessibilityManagerService.java injectInputEventToInputFilter permission | A vulnerability classified as critical was found in Google Android 14. Affected by this vulnerability is the function injectInputEventToInputFilter of the file AccessibilityManagerService.java. The manipulation leads to permission issues. This vulnerability is known as CVE-2024-0038. An attack has to be approached locally. There is no exploit available

vuldb.com

rss

forum

news

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type	Vendor	Product
OS	Google	android

References

Reference	Link
[email protected]	https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079
[email protected]	https://source.android.com/security/bulletin/2024-02-01
AF854A3A-2127-422B-91AE-364DA2661108	https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079
AF854A3A-2127-422B-91AE-364DA2661108	https://source.android.com/security/bulletin/2024-02-01
[email protected]	https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079
[email protected]	https://source.android.com/security/bulletin/2024-02-01

CWE Details

CWE ID	CWE Name	Description
CWE-862	Missing Authorization	The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence