{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-20214","assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","dateUpdated":"2025-04-01T19:42:38.683Z","dateReserved":"2021-10-14T00:00:00.000Z","datePublished":"2023-01-24T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android","dateUpdated":"2023-01-24T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210"}],"affected":[{"vendor":"n/a","product":"Android","versions":[{"version":"Android-10 Android-11 Android-12","status":"affected"}]}],"references":[{"url":"https://source.android.com/security/bulletin/aaos/2023-01-01"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Elevation of privilege"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T02:02:31.026Z"},"title":"CVE Program Container","references":[{"url":"https://source.android.com/security/bulletin/aaos/2023-01-01","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1021","lang":"en","description":"CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":4.7,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-01T19:41:30.472156Z","id":"CVE-2022-20214","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-01T19:42:38.683Z"}}]}}