CVE-2023-40120

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 27, 2023

Updated: Oct 30, 2023

Summary

CVE-2023-40120 is a recently disclosed vulnerability affecting multiple locations. It permits an attacker to bypass user notification for foreground services due to a lack of proper input validation. This weakness could result in local privilege escalation, allowing an attacker to elevate their privileges without requiring additional execution privileges. Importantly, user interaction is not necessary for an exploit to succeed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRbLm4
https://www.cve.org/CVERecord?id=CVE-2023-40120
https://nvd.nist.gov/vuln/detail/CVE-2023-40120

Back to Vulnerability Database