CVE-2023-32871

{"id": "CVE-2023-32871", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2024-05-06T03:15:09.273", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/May-2024", "source": "security@mediatek.com"}, {"url": "https://corp.mediatek.com/product-security-bulletin/May-2024", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@mediatek.com", "description": [{"lang": "en", "value": "CWE-391"}]}], "descriptions": [{"lang": "en", "value": "In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514."}, {"lang": "es", "value": "En DA, existe una posible omisi\u00f3n de permiso debido a una verificaci\u00f3n de estado incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08355514; ID del problema: ALPS08355514."}], "lastModified": "2025-03-17T17:15:19.013", "sourceIdentifier": "security@mediatek.com"}