CVE-2023-21134

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Aug 14, 2023

Updated: Aug 24, 2023

CWE ID 862

Summary

CVE-2023-21134 is a vulnerability affecting the onCreate function in ManagePermissionsActivity.java. This issue allows an attacker with physical access to a device that has undergone a factory reset to bypass factory reset protections. The bypass occurs due to a missing permission check, granting local escalation of privilege without requiring any additional execution privileges or user interaction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sQWCJg
https://www.cve.org/CVERecord?id=CVE-2023-21134
https://nvd.nist.gov/vuln/detail/CVE-2023-21134

Back to Vulnerability Database