CVSS 3.1 Score 5.5 of 10 (medium)


Published Oct 30, 2023
Updated: Nov 3, 2023


CVE-2023-21376 is a logic error vulnerability in Telephony that allows for the retrieval of the ICCID, potentially leading to local information disclosure without the need for user interaction. The vulnerability affects multiple products, including tzDcWF, bQe5zt, YLUeDN, QtrBOA, QtrBOB, and many others. To remediate the vulnerability, it is recommended to apply the latest patches or updates provided by the affected product vendors. The potential danger posed by this vulnerability is high as it can expose sensitive information and compromise the confidentiality of an organization's data. The CVE has a base severity rating of MEDIUM and a base score of 5.5 according to NIST.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-21376 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options