CVE-2023-42655

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Nov 1, 2023

Updated: Nov 8, 2023

Summary

CVE-2023-42655 is a cybersecurity vulnerability affecting the sim service. This issue arises due to a missing permission check, allowing an app to write permission usage records unchecked. An attacker who exploits this vulnerability can potentially escalate their privileges to gain System execution privileges, posing a significant security risk. This local privilege escalation issue can be exploited to execute malicious code with elevated privileges. The vulnerability underscores the importance of proper permission checks and access control measures to maintain system security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sqX50M
https://www.cve.org/CVERecord?id=CVE-2023-42655
https://nvd.nist.gov/vuln/detail/CVE-2023-42655

Back to Vulnerability Database