{"containers": {"cna": {"affected": [{"product": "MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6885, MT6889, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", "vendor": "MediaTek, Inc.", "versions": [{"status": "affected", "version": "Android 10.0, 11.0, 12.0"}]}], "descriptions": [{"lang": "en", "value": "In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462."}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-09T17:03:05", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2022"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mediatek.com", "ID": "CVE-2022-20060", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MT6761, MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6885, MT6889, MT6893, MT8183, MT8185, MT8321, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", "version": {"version_data": [{"version_value": "Android 10.0, 11.0, 12.0"}]}}]}, "vendor_name": "MediaTek, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://corp.mediatek.com/product-security-bulletin/March-2022", "refsource": "MISC", "url": "https://corp.mediatek.com/product-security-bulletin/March-2022"}]}}}}, "cveMetadata": {"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-20060", "datePublished": "2022-03-09T17:03:05", "dateReserved": "2021-10-12T00:00:00", "dateUpdated": "2022-03-09T17:03:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8735a:-:*:*:*:*:*:*:*", "matchCriteriaId": "45A7A805-EFED-47B3-884C-158FF1EECAEC", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8735b:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1BB519B-9BA4-4D4A-8ED1-CE79E56E70E4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462."}, {"lang": "es", "value": "En preloader (usb), se presenta una posible omisi\u00f3n de permisos debido a una falta de autenticaci\u00f3n de imagen apropiada. Esto podr\u00eda conllevar a una escalada local de privilegios, para un atacante que tenga acceso f\u00edsico al dispositivo, sin ser necesarios privilegios de ejecuci\u00f3n adicionales. Es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS06160806; ID de Incidencia: ALPS06137462"}], "id": "CVE-2022-20060", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T17:45:07.660", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2022"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}