CVE-2023-21242
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-21242 is a recently disclosed vulnerability caused by a logic error in the isServerCertChainValid method of the InsecureEapNetworkHandler.java file. Because of this error, an imposter server may potentially be trusted, which could lead to remote privilege escalation. No additional execution privileges are required for exploitation, so an attacker can take advantage of the vulnerability even without standard user rights. The logic error allows security checks to be bypassed, posing a significant risk to affected systems.
Affected Products
- Android