Path Traversal Vulnerability in MmsProvider.java Allows for Unauthorized Directory Permission Modification
CVE-2023-21268 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.
Learn more about our User Device Pen Test.