CVE-2023-40125
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Oct 27, 2023
Updated: Oct 30, 2023
Summary
CVE-2023-40125 is a vulnerability affecting the APN editor feature in a specific software component. In the onCreate method of ApnEditor.java, there is a permission bypass issue that allows Guest users to modify the APN settings. This vulnerability grants local privilege escalation without requiring any additional execution privileges and can be exploited without user interaction.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Android