CVE-2023-20971

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-863
View all →

Vulnerability Description

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2009-0034

HIGH
CVSS:7.8(High)

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows ...

CWE-8632009

CVE-2010-2525

HIGH
CVSS:7.8(High)

A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file s...

CWE-8632010

CVE-2011-1070

HIGH
CVSS:7.8(High)

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

CWE-8632011

CVE-2017-4915

HIGH
CVSS:7.8(High)

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to e...

CWE-8632017

CVE-2017-4946

HIGH
CVSS:7.8(High)

The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating t...

CWE-8632017

CVE-2017-5618

HIGH
CVSS:7.8(High)

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

CWE-8632017