CVE-2023-21231

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 14, 2023
Updated: Aug 18, 2023

Summary

CVE-2023-21231 is a vulnerability affecting the getIntentForButton function in ButtonManager.java. This issue allows an unprivileged application to initiate a non-exported or permission-protected activity without proper permission checks. Consequently, an attacker can exploit this vulnerability to escalate local privileges, gaining elevated access to the system without requiring any additional execution privileges or user interaction.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share