CVE-2023-21369

2023-10-3017:15:52

google_android

web.nvd.nist.gov

cve-2023-21369

usage access

settings

permissions bypass

local denial of service

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

Affected configurations

Nvd

Vulners

Node

googleandroidRange<14.0

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "14",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]