PT-2023-28392 · Unknown · Libsec-Ril
Balance
·
Published
2023-11-07
·
Updated
2024-01-27
·
CVE-2023-42527
CVSS v3.1
5.6
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
libsec-ril versions prior to SMR Nov-2023 Release 1
Description
The issue is related to an improper input validation vulnerability in the ProcessWriteFile function of libsec-ril. This vulnerability allows local attackers to expose sensitive information.
Recommendations
For versions prior to SMR Nov-2023 Release 1, update to SMR Nov-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ProcessWriteFile function to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libsec-Ril