CVE-2023-40132

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 21, 2025

Updated: Jan 22, 2025

CWE ID 863

Summary

CVE-2023-40132 is a vulnerability affecting the Android operating system. In RingtoneManager.java's setActualDefaultRingtoneUri function, a missing permission check allows for bypassing content providers' read permissions. This issue could result in local privilege escalation, allowing an attacker to gain additional system-level access without requiring additional execution privileges. However, user interaction is necessary to exploit this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sRbNj8
https://www.cve.org/CVERecord?id=CVE-2023-40132
https://nvd.nist.gov/vuln/detail/CVE-2023-40132

Back to Vulnerability Database

CVE-2023-40132

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations