First published: Wed Mar 09 2022(Updated: )
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083.
Credit: security@mediatek.com security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =9.0 | |
Google Android | =10.0 | |
Google Android | =11.0 | |
Google Android | =12.0 | |
Mediatek Mt6580 | ||
Mediatek Mt6739 | ||
Mediatek Mt6750 | ||
Mediatek Mt6761 | ||
Mediatek Mt6762 | ||
Mediatek Mt6763 | ||
Mediatek Mt6765 | ||
Mediatek Mt6768 | ||
Mediatek Mt6771 | ||
Mediatek Mt6779 | ||
Mediatek Mt8167 | ||
Mediatek Mt8168 | ||
Mediatek Mt8173 | ||
Mediatek Mt8183 | ||
Mediatek Mt8185 | ||
Mediatek Mt8321 | ||
Mediatek Mt8362a | ||
Mediatek Mt8365 | ||
Mediatek Mt8385 | ||
Mediatek Mt8666 | ||
Mediatek Mt8667 | ||
Mediatek Mt8675 | ||
Mediatek Mt8765 | ||
Mediatek Mt8766 | ||
Mediatek Mt8768 | ||
Mediatek Mt8786 | ||
Mediatek Mt8788 | ||
Mediatek Mt8789 | ||
Mediatek Mt8791 | ||
Mediatek Mt8797 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-20054 is a vulnerability in the ims service that allows for AT command injection, leading to local privilege escalation without the need for additional execution privileges.
The vulnerability affects devices running Google Android versions 9.0, 10.0, 11.0, and 12.0.
No, user interaction is not needed for exploitation of CVE-2022-20054.
The severity of CVE-2022-20054 is rated as high, with a severity value of 7.8.
To fix CVE-2022-20054, apply the patch ID ALPS06219083 provided by Google Android or your device manufacturer.