Home > Vulnerability Database > CVE-2024-34734

Mend.io Vulnerability Database

CVE-2024-34734

Date: August 15, 2024

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Language: KOTLIN

Severity Score

7.7

Related Resources (4)

Url: https://source.android.com/security/bulletin/2024-08-01

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34734

Url: https://android.googlesource.com/platform/frameworks/base/+/207584fb6f820eba14251251d7e9331bfd57adb8

Url: https://www.mend.io/vulnerability-database/CVE-2024-34734

Severity Score

7.7

Weakness Type (CWE)

Initialization of a Resource with an Insecure Default

CWE-1188

Insecure Default Variable Initialization

CWE-453

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34734

Date: August 15, 2024

Language: KOTLIN

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?