CVE-2023-21456

Summary

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Mobile DevicesAndroid 11, 12, 13 < SMR Mar-2023 Release 1affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References