Privilege Escalation Vulnerability in MediaTek AEE Software
CVE-2023-32855

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: MT2735, MT2737, MT6765, MT6768, MT6769, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6885, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8667, MT8765, MT8768, MT8786, MT8791, MT8791T, MT8791WIFI, MT8798
Vendor: CVE Published:; 4 December 2023

What is CVE-2023-32855?

A vulnerability exists in MediaTek's AEE software that allows for local privilege escalation due to the absence of proper permission checks. This flaw may enable unauthorized users to gain system execution privileges without requiring any user interaction, potentially leading to significant security risks. Affected systems are advised to apply the provided patch to mitigate the risk associated with this vulnerability.

Affected Version(s)

MT2735, MT2737, MT6765, MT6768, MT6769, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6885, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8667, MT8765, MT8768, MT8786, MT8791, MT8791T, MT8791WIFI, MT8798 Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6, 3.3, 4.0 / RDK-B 22Q3

References

https://corp.mediatek.com/product-security-bulletin/Decem...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2023
Vulnerability Reserved
May 16, 2023