Login Sign Up

CVE-2022-21777

7.8 HIGH

📋 TL;DR

CVE-2022-21777 is a permission bypass vulnerability in Autoboot that allows local attackers to escalate privileges without user interaction. This affects devices using MediaTek chipsets with vulnerable Autoboot implementations. Attackers can gain elevated system access from a standard user context.

💻 Affected Systems

Products:
  • MediaTek chipset devices with Autoboot functionality
Versions: Specific versions not publicly detailed; affected by patch ID ALPS06713894
Operating Systems: Android-based systems using MediaTek chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with MediaTek chipsets where Autoboot is enabled; exact device models not specified in public advisory.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root/admin privileges, allowing installation of persistent malware, data theft, and disabling of security controls.

🟠

Likely Case

Local privilege escalation enabling unauthorized access to sensitive system resources and applications.

🟢

If Mitigated

Limited impact if proper patch management and least privilege principles are enforced, though risk remains until patched.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Any compromised user account on affected systems can escalate to full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but no user interaction; complexity is low due to missing permission check.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in firmware updates containing ALPS06713894

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/July-2022

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply the security patch containing ALPS06713894. 3. Reboot device to complete installation.

🔧 Temporary Workarounds

Disable unnecessary services

all

Reduce attack surface by disabling non-essential services and features

Implement strict access controls

all

Enforce least privilege and monitor for suspicious local privilege escalation attempts

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement application whitelisting and monitor for unauthorized privilege changes

🔍 How to Verify

Check if Vulnerable:

Check device firmware version and patch level; devices without ALPS06713894 patch are vulnerable

Check Version:

Device-specific commands vary by manufacturer; typically in Settings > About Phone > Build Number

Verify Fix Applied:

Verify firmware version includes ALPS06713894 patch ID in security updates

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Autoboot service anomalies
  • Unauthorized access to protected resources

Network Indicators:

  • None - this is a local exploit

SIEM Query:

Search for privilege escalation events from standard user to root/admin on affected devices

📊 Metadata

CVE ID: CVE-2022-21777
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-862
Published: July 6, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-21777, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)