CVE-2023-35665

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 11, 2023

Updated: Sep 13, 2023

CWE ID 862

Summary

CVE-2023-35665 is a vulnerability affecting multiple files where a missing permission check allows for the importing of contacts from other users. This issue grants local escalation of privilege to the attacker, permitting them to elevate their access level without requiring any additional execution privileges. The exploitation of this vulnerability does not necessitate user interaction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/skmcON
https://www.cve.org/CVERecord?id=CVE-2023-35665
https://nvd.nist.gov/vuln/detail/CVE-2023-35665

Back to Vulnerability Database