CVE-2023-21461 — Improper Authorization in Mobile Devices

CWE-285 — Improper Authorization3 documents3 sources

Severity

5.5MEDIUMNVD

CNA4.0

EPSS

0.1%

top 84.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Samsung Android

Timeline

PublishedMar 16

Description

Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesAndroid 12, 13 — SMR Mar-2023 Release 1

▶NVDsamsung/android11.0, 12.0, 13.0+2

🔴Vulnerability Details

GHSA

GHSA-rqrp-jf3c-7j6j: Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device o↗2023-03-16

▶

CVEList

CVE-2023-21461: Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device o↗2023-03-16

▶