CVE-2024-23453

Summary

CVE-2024-23453 is a vulnerability found in the Android Spoon application versions 7.11.1 to 8.6.0. The vulnerability arises from the use of hard-coded credentials, which can be exploited by a local attacker who reverse-engineers the application binary to retrieve the hard-coded API key. This API key can then be used to gain unauthorized access to the associated service. The vulnerability has a base severity rating of MEDIUM and a base score of 5.5, indicating that it poses a significant risk to organizations as it allows for high confidentiality impact. The exploitability score is 1.8, suggesting that it is relatively easy for an attacker to exploit this vulnerability with low privileges required and no user interaction needed. The attack vector is labeled as LOCAL, meaning that an attacker needs access to the targeted device locally in order to exploit this vulnerability. It is important for organizations using the affected versions of Android Spoon application to remediate this issue by updating to a patched version that addresses the hard-coded credentials flaw.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.