CVE-2018-9371
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 19, 2024
Updated: Nov 20, 2024
CWE ID 125
CWE ID 787
Summary
CVE-2018-9371 is a vulnerability affecting the Mediatek Preloader. This issue stems from an exposed interface that permits arbitrary peripheral memory mapping, with insufficient blacklisting and whitelisting. Consequently, attackers can perform out-of-bounds reads and writes, leading to local privilege escalation. However, it's important to note that physical access to the device is required for exploitation, and no additional execution privileges are necessary for the attack to succeed. User interaction also plays a role in the exploitation process.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share