CVE-2024-20012
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Published Feb 5, 2024
Updated: Feb 9, 2024
CWE ID 843
Summary
CVE-2024-20012 is a newly disclosed vulnerability affecting the keyInstall function. It involves type confusion, which can lead to a privilege escalation, granting local attackers System execution privileges without requiring user interaction. This issue is significant as it could allow an attacker to elevate their privileges, potentially gaining full control over the affected system. The patch for this vulnerability is identified as ALPS08358566, and it is strongly recommended that affected systems be updated as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Android
Affected Vendors
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2024-20012 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions