CVE-2021-23244

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.

ColorOS preconcede permisos peligrosos a las aplicaciones que figuran en una lista blanca xml denominada default-grant-permissions.Pero algunas aplicaciones de la lista blanca no están instaladas, el atacante puede disfrazar la aplicación con el mismo nombre de paquete para obtener permisos peligrosos

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-08 CVE Reserved
2021-12-27 CVE Published
2024-08-03 CVE Updated
2024-09-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976	2022-07-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oppo Search vendor "Oppo"		Coloros Search vendor "Oppo" for product "Coloros"				11 Search vendor "Oppo" for product "Coloros" and version "11"		android		Affected