How severe is CVE-2021-25397?

CVE-2021-25397 has a CVSS v3 score of 6.8 (MEDIUM).

CVE-2021-25397

Name: android
Author: google

6.8MEDIUM

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

Publicado: 6/11/2021Atualizado: 11/21/2024

Descrição

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

Análise IADesenvolvido por IA

Produtos Afetados

googleandroid

9.0

googleandroid

10.0

googleandroid

11.0

Referências

https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/
ExploitThird Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5
Vendor Advisory
https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/
ExploitThird Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5
Vendor Advisory