CVE-2021-39767

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-1188
View all →

Vulnerability Description

In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542

Related Vulnerabilities

CVE-2008-3278

HIGH
CVSS:7.8(High)

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep...

CWE-11882008

CVE-2018-17485

HIGH
CVSS:7.8(High)

Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CWE-11882018

CVE-2018-17497

HIGH
CVSS:7.8(High)

eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.

CWE-11882018

CVE-2018-20052

HIGH
CVSS:7.8(High)

An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privilege...

CWE-11882018

CVE-2018-3667

HIGH
CVSS:7.8(High)

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.

CWE-11882018

CVE-2018-5841

HIGH
CVSS:7.8(High)

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (And...

CWE-11882018