What is the severity of CVE-2024-31332?

CVE-2024-31332 is classified as a high severity vulnerability due to potential local escalation of privilege.

How do I fix CVE-2024-31332?

To mitigate CVE-2024-31332, ensure that your Android device is updated to at least version 14.0 where the vulnerability has been patched.

Who is affected by CVE-2024-31332?

CVE-2024-31332 affects users of Google Android versions 13.0 and 14.0.

What kind of attack can be executed with CVE-2024-31332?

CVE-2024-31332 allows attackers to bypass restrictions on adding new Wi-Fi connections without requiring user interaction.

Is user interaction required to exploit CVE-2024-31332?

No, user interaction is not required for exploiting CVE-2024-31332.

Vulnerability/
CVE-2024-31332

high

8.4

CWE

862

1/7/2024

9/7/2024

17/12/2024

CVE-2024-31332

First published: Mon Jul 01 2024(Updated: )

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Credit: security@android.com

Affected Software	Affected Version	How to fix
Google Android
Google Android	=13.0
Google Android	=14.0

Remedy

https://android.googlesource.com/platform/packages/apps/Settings/+/d1f9e61e4480116838c7a642b54c217506361266

Remedy

https://source.android.com/security/bulletin/2024-07-01

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-31332?
CVE-2024-31332 is classified as a high severity vulnerability due to potential local escalation of privilege.
How do I fix CVE-2024-31332?
To mitigate CVE-2024-31332, ensure that your Android device is updated to at least version 14.0 where the vulnerability has been patched.
Who is affected by CVE-2024-31332?
CVE-2024-31332 affects users of Google Android versions 13.0 and 14.0.
What kind of attack can be executed with CVE-2024-31332?
CVE-2024-31332 allows attackers to bypass restrictions on adding new Wi-Fi connections without requiring user interaction.
Is user interaction required to exploit CVE-2024-31332?
No, user interaction is not required for exploiting CVE-2024-31332.

agent/description
agent/type
agent/references
agent/first-publish-date
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/android-source
source/Android
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/remedy
agent/weakness
agent/softwarecombine
agent/tags
agent/source
vendor/google
canonical/google android
version/google android/13.0
version/google android/14.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-31332?
CVE-2024-31332 is classified as a high severity vulnerability due to potential local escalation of privilege.
How do I fix CVE-2024-31332?
To mitigate CVE-2024-31332, ensure that your Android device is updated to at least version 14.0 where the vulnerability has been patched.
Who is affected by CVE-2024-31332?
CVE-2024-31332 affects users of Google Android versions 13.0 and 14.0.
What kind of attack can be executed with CVE-2024-31332?
CVE-2024-31332 allows attackers to bypass restrictions on adding new Wi-Fi connections without requiring user interaction.
Is user interaction required to exploit CVE-2024-31332?
No, user interaction is not required for exploiting CVE-2024-31332.