APN Permission Bypass Vulnerability in ApnEditor.java

APN Permission Bypass Vulnerability in ApnEditor.java

CVE-2023-40125 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.