CVE-2023-21185

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 28, 2023

Updated: Jul 5, 2023

CWE ID 862

Summary

CVE-2023-21185 is a vulnerability affecting multiple functions in WifiNetworkFactory.java of the Android operating system. The issue involves a missing permission check, which could enable a local privilege escalation for the guest user without requiring any additional execution privileges. This vulnerability is significant because user interaction is not necessary for exploitation, making it potentially dangerous for affected Android devices running Android-13. The product ID for the affected version is A-266700762.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rpg86u
https://www.cve.org/CVERecord?id=CVE-2023-21185
https://nvd.nist.gov/vuln/detail/CVE-2023-21185

Back to Vulnerability Database