CVE-2023-21267

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 14, 2023
Updated: Jul 3, 2024
CWE ID 200

Summary

CVE-2023-21267 is a vulnerability affecting multiple functions in KeyguardViewMediator.java. This issue results in a logic error, enabling a bypass of lockdown mode with screen pinning. The consequence of this vulnerability is local information disclosure, meaning sensitive data can be accessed, without the requirement for additional execution privileges. Distinctively, user interaction is not necessary for an attacker to successfully exploit this weakness.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share