CVE-2023-42737

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 4, 2023

Updated: Dec 7, 2023

CWE ID 862

Summary

CVE-2023-42737 is a vulnerability affecting telecom services that allows an app to write permission usage records without proper checks in place. This issue does not require any additional execution privileges and could result in local information disclosure. The missing permission validation creates a risk of unintended data exposure, potentially compromising sensitive information. The telecom industry is urged to apply the necessary patches or updates to mitigate this vulnerability and prevent unauthorized access to user data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/srAC6g
https://www.cve.org/CVERecord?id=CVE-2023-42737
https://nvd.nist.gov/vuln/detail/CVE-2023-42737

Back to Vulnerability Database