CVE-2024-23453

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 24, 2024
Updated: Jan 29, 2024
CWE ID 798

Summary

CVE-2024-23453 is a vulnerability found in the Android Spoon application versions 7.11.1 to 8.6.0. The vulnerability arises from the use of hard-coded credentials, which can be exploited by a local attacker who reverse-engineers the application binary to retrieve the hard-coded API key. This API key can then be used to gain unauthorized access to the associated service. The vulnerability has a base severity rating of MEDIUM and a base score of 5.5, indicating that it poses a significant risk to organizations as it allows for high confidentiality impact. The exploitability score is 1.8, suggesting that it is relatively easy for an attacker to exploit this vulnerability with low privileges required and no user interaction needed. The attack vector is labeled as LOCAL, meaning that an attacker needs access to the targeted device locally in order to exploit this vulnerability. It is important for organizations using the affected versions of Android Spoon application to remediate this issue by updating to a patched version that addresses the hard-coded credentials flaw.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23453 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options