Side Channel Information Disclosure in Device Policy Allows Unauthorized App Verification

Side Channel Information Disclosure in Device Policy Allows Unauthorized App Verification

CVE-2023-21320 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.