CVE-2023-40125

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 27, 2023

Updated: Oct 30, 2023

Summary

CVE-2023-40125 is a vulnerability affecting the APN editor feature in a specific software component. In the onCreate method of ApnEditor.java, there is a permission bypass issue that allows Guest users to modify the APN settings. This vulnerability grants local privilege escalation without requiring any additional execution privileges and can be exploited without user interaction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRa8gm
https://www.cve.org/CVERecord?id=CVE-2023-40125
https://nvd.nist.gov/vuln/detail/CVE-2023-40125

Back to Vulnerability Database