Path Traversal Vulnerability in MmsProvider.java Allows for Unauthorized Directory Permission Modification

Path Traversal Vulnerability in MmsProvider.java Allows for Unauthorized Directory Permission Modification

CVE-2023-21268 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.