Main Vulnerability Database Vulnerabilities #VU65443

#VU65443 Permissions, Privileges, and Access Controls in Chromecast - CVE-2022-20114

Published: July 19, 2022

Vulnerability identifier: #VU65443

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-20114

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Chromecast

Software vendor:
Google

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due the an error in placeCall of TelecomManager.java that allows an application to keep itself running with foreground service importance. A local application can can bypass security restrictions and escalate privileges on the system.

Remediation

Install updates from vendor's website.

External links

https://source.android.com/security/bulletin/chromecast/2022-07-01