CVE-2023-21421
published 2023-02-09CVE-2023-21421: Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access…
PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.16%
5.2th percentile
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azure_sdk | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung_mobile | samsung_mobile_devices | >= Q(10), R(11), S(12), T(13) < SMR Jan-2023 Release 1 | SMR Jan-2023 Release 1 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3f4g-2mxw-53h3: Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker
ghsa_unreviewed·2023-02-09
CVE-2023-21421 [HIGH] CWE-269 GHSA-3f4g-2mxw-53h3: Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
Microsoft
Azure SDK Spoofing Vulnerability
vendor_msrc·2024-03-12·CVSS 7.5
CVE-2024-21421 [HIGH] CWE-1395 Azure SDK Spoofing Vulnerability
Azure SDK Spoofing Vulnerability
FAQ: What actions do customers need to take to protect themselves from this vulnerability?
Customers with deployments created prior to Oct 19. 2023 must manually upgrade azure-core to Azure Core Build 1.29.5 or higher to be protected. For information reference the following: https://azure.github.io/azure-sdk/releases/latest/index.html. Customers with deployments created after October 19, 2023 recieved the fix automatically and no action is needed.
Azure SDK: Azure SDK
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Remediation: Release Notes
Reference: https://azure.github.io/azure-sdk/
Reference: https://learn.microsoft.c
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-02-09
Published