← back
CVE-2023-21358

CVE-2023-21358

CVSS 7.8 HIGHEPSS 0.1%CWE-295
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Google · Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →