PT-2021-16584 · Unknown · Secsettings

Published

2021-06-11

Updated

2021-06-16

CVE-2021-25393

CVSS v3.1

6.6

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions: SecSettings versions prior to SMR MAY-2021 Release 1

Description: The issue is related to improper sanitization of incoming intent in SecSettings, allowing local attackers to gain permissions and access system uid data.

Recommendations: For versions prior to SMR MAY-2021 Release 1, update to SMR MAY-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive system uid data until the update is applied.

Exploit

Fix

Code Injection

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-732

Related Identifiers

CVE-2021-25393

Affected Products

Secsettings

PT-2021-16584 · Unknown · Secsettings

CVE-2021-25393

Weakness Enumeration

Related Identifiers

Affected Products

References · 5