Missing Permission Check in Telecom Service by Unisoc
CVE-2023-42736
7.8HIGH
Key Information:
- Vendor
- Unisoc
- Vendor
- CVE Published:
- 4 December 2023
Summary
A vulnerability in Unisoc's telecom service has been identified that allows for local escalation of privilege due to a missing permission check. Attackers could potentially exploit this vulnerability without requiring any additional execution privileges, posing significant risks to system integrity and data security.
Affected Version(s)
SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 Android11/Android12/Android13
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved