CVE-2023-21358
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Oct 30, 2023
Updated: Nov 4, 2023
Summary
CVE-2023-21358 is a vulnerability affecting UWB Google where a malicious app can falsely represent itself as the system app com.android.uwb.resources, taking advantage of inappropriate cryptographic usage. This deception allows for local privilege escalation, enabling the attacker to elevate their access level without requiring any additional execution privileges. Notably, user interaction is not necessary for the exploitation of this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Android