CVE-2023-21284

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 14, 2023

Updated: Aug 21, 2023

CWE ID 20

Summary

CVE-2023-21284 is a vulnerability affecting multiple functions in DevicePolicyManager.java. The issue lies in improper input validation, allowing an attacker to prevent the enabling of the Find my Device feature. This local denial of service requires User execution privileges and does not necessitate user interaction for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sQVxM3
https://www.cve.org/CVERecord?id=CVE-2023-21284
https://nvd.nist.gov/vuln/detail/CVE-2023-21284

Back to Vulnerability Database