CVE-2023-21133

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Aug 14, 2023
Updated: Aug 24, 2023
CWE ID 862

Summary

CVE-2023-21133 is a vulnerability affecting the ManagePermissionsActivity.java file. In the onCreate method, a missing permission check enables an attacker to bypass factory reset protections with no need for additional execution privileges. This local privilege escalation can be exploited with physical access to the device after a factory reset, without requiring any user interaction.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share