CVE-2024-43093
Android Framework Privilege Escalation Vulnerabili - [Actively Exploited]
Description
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
INFO
Published Date :
Nov. 13, 2024, 6:15 p.m.
Last Modified :
Nov. 14, 2024, 9:42 p.m.
Source :
[email protected]
Remotely Exploitable :
No
Impact Score :
5.9
Exploitability Score :
1.8
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://source.android.com/docs/security/bulletin/2024-11-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43093
Public PoC/Exploit Available at Github
CVE-2024-43093 has a 2 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-43093.
| URL | Resource |
|---|---|
| https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed | Patch |
| https://source.android.com/security/bulletin/2024-11-01 | Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
CVE-2024-43093
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-43093 vulnerability anywhere in the article.
-
Kaspersky
Advanced threat predictions for 2025
We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and ... Read more
-
Cybersecurity News
Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities
Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client ... Read more
-
Cybersecurity News
CVE-2024-10575 (CVSS 10): Critical Flaw in Schneider Electric’s EcoStruxure IT Gateway
Schneider Electric has published a security notification about a critical vulnerability in its EcoStruxure™ IT Gateway platform, which connects IT infrastructure devices to the cloud for monitoring an ... Read more
-
Cybersecurity News
CVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to RCE Attacks
Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE).The vuln ... Read more
-
Cybersecurity News
CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available
Security researchers at watchTowr have uncovered two critical vulnerabilities in Citrix Session Recording Manager that, when chained together, allow unauthenticated remote code execution (RCE) on Citr ... Read more
-
Cybersecurity News
CVE-2024-44102 (CVSS 10) Found in Siemens TeleControl Server Basic: Urgent Update Required
A critical security vulnerability has been discovered in Siemens TeleControl Server Basic V3.1, a software solution used for remote monitoring and control of industrial plants. The vulnerability, iden ... Read more
-
Cybersecurity News
CVE-2024-11068 (CVSS 9.8): Critical D-Link DSL-6740C Flaw, Immediate Replacement Advised
TWCERT/CC has issued multiple security advisories for the D-Link DSL-6740C modem, revealing a range of severe vulnerabilities that could expose users to remote attacks.The modem, which is no longer su ... Read more
-
Cybersecurity News
JavaScript Drive-By Attacks: New Exploits without 0-Day in Google Chrome
Ron Masas from Imperva Threat Research has uncovered a new way attackers can target Chrome users without relying on 0-day vulnerabilities. This approach leverages the File System Access API, which all ... Read more
-
The Hacker News
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
Machine Learning / Vulnerability Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulne ... Read more
-
The Hacker News
HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities
Vulnerability / Risk Mitigation Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two criti ... Read more
-
The Hacker News
Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware
Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchases with a wide range of ... Read more
-
The Register
Alleged Snowflake attacker gets busted by Canadians – politely, we assume
in brief One of the suspected masterminds behind the widespread Snowflake breach has been arrested in Canada – but the saga isn't over, eh. Alexander "Connor" Moucka was apprehended last week at the r ... Read more
-
Cybersecurity News
Fickle Stealer: The New Rust-Based Malware Masquerading as GitHub Desktop
Attack flow | Image: TrellixIn a recent report by Trellix researchers Mallikarjun Wali and Sangram Mohapatro, a new Rust-based malware called Fickle Stealer has surfaced, posing a significant threat t ... Read more
-
Help Net Security
Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has releas ... Read more
-
The Hacker News
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Vulnerability / Network Security Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potenti ... Read more
-
The Hacker News
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
IoT Security / Vulnerability The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying th ... Read more
-
The Hacker News
CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability
Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its ... Read more
-
Cybersecurity News
CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an updated advisory regarding four security vulnerabilities actively exploited in the wild. These vulnerabilities, now included i ... Read more
-
The Hacker News
SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims
An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity ... Read more
-
The Hacker News
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
Vulnerability / Wireless Technology Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit un ... Read more
-
The Cyber Express
Google Addresses Two Android Zero-Days Used in Targeted Attacks
In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities. Google flagged these zero-day flaws ... Read more
-
Cybersecurity News
AWS IAM Roles Anywhere: A Potential Backdoor for Attackers?
Example of script that automates IAM Roles Anywhere configuration | Image: AdanIn a recent publication, cybersecurity engineer Adan explores a potentially underappreciated security risk in Amazon Web ... Read more
-
Dark Reading
Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America
Source: Oneinchpunch via Alamy Stock Photo Researchers have designated a new botnet on the scene — initially suspected to be a part of the Toxic banking Trojan family — as a whole new spinoff strain w ... Read more
-
BleepingComputer
Google fixes two Android zero-days used in targeted attacks
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two iss ... Read more
-
Help Net Security
Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, ... Read more
-
The Hacker News
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
Mobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-430 ... Read more
-
Cybersecurity News
CVE-2024-43047 & CVE-2024-43093: Android Zero-Days Demand Immediate Patching
In its November 2024 security update, Google has addressed 40 security vulnerabilities in the Android operating system, two of which are flagged as actively exploited: CVE-2024-43047 and CVE-2024-4309 ... Read more
The following table lists the changes that have been made to the
CVE-2024-43093 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Nov. 14, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Changed Reference Type https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed No Types Assigned https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed Patch Changed Reference Type https://source.android.com/security/bulletin/2024-11-01 No Types Assigned https://source.android.com/security/bulletin/2024-11-01 Vendor Advisory Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* *cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* *cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* *cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Nov. 14, 2024
Action Type Old Value New Value Added Due Date 2024-11-28 Added Vulnerability Name Android Framework Privilege Escalation Vulnerability Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Added Date Added 2024-11-07 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 13, 2024
Action Type Old Value New Value Added CVSS V3.1 CISA-ADP AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H -
CVE Received by [email protected]
Nov. 13, 2024
Action Type Old Value New Value Added Description In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Added Reference Android (associated with Google Inc. or Open Handset Alliance) https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed [No types assigned] Added Reference Android (associated with Google Inc. or Open Handset Alliance) https://source.android.com/security/bulletin/2024-11-01 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-43093 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-43093
weaknesses.