Known Exploited Vulnerability
7.8
HIGH
CVE-2024-43093
Android Framework Privilege Escalation Vulnerabili - [Actively Exploited]
Description

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

INFO

Published Date :

Nov. 13, 2024, 6:15 p.m.

Last Modified :

Nov. 14, 2024, 9:42 p.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://source.android.com/docs/security/bulletin/2024-11-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43093

Public PoC/Exploit Available at Github

CVE-2024-43093 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-43093 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Google android
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-43093.

URL Resource
https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed Patch
https://source.android.com/security/bulletin/2024-11-01 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 3 weeks ago
5 stars 0 fork 0 watcher
Born at : Nov. 13, 2024, 4:45 p.m. This repo has been linked 2 different CVEs too.

CVE-2024-43093

Updated: 1 week, 4 days ago
4 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 3:06 p.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-43093 vulnerability anywhere in the article.

  • Kaspersky
Advanced threat predictions for 2025

We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and ... Read more

Published Date: Nov 25, 2024 (1 week, 2 days ago)
  • Cybersecurity News
Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities

Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client ... Read more

Published Date: Nov 13, 2024 (3 weeks, 1 day ago)
  • Cybersecurity News
CVE-2024-10575 (CVSS 10): Critical Flaw in Schneider Electric’s EcoStruxure IT Gateway

Schneider Electric has published a security notification about a critical vulnerability in its EcoStruxure™ IT Gateway platform, which connects IT infrastructure devices to the cloud for monitoring an ... Read more

Published Date: Nov 13, 2024 (3 weeks, 1 day ago)
  • Cybersecurity News
CVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to RCE Attacks

Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE).The vuln ... Read more

Published Date: Nov 12, 2024 (3 weeks, 1 day ago)
  • Cybersecurity News
CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available

Security researchers at watchTowr have uncovered two critical vulnerabilities in Citrix Session Recording Manager that, when chained together, allow unauthenticated remote code execution (RCE) on Citr ... Read more

Published Date: Nov 12, 2024 (3 weeks, 1 day ago)
  • Cybersecurity News
CVE-2024-44102 (CVSS 10) Found in Siemens TeleControl Server Basic: Urgent Update Required

A critical security vulnerability has been discovered in Siemens TeleControl Server Basic V3.1, a software solution used for remote monitoring and control of industrial plants. The vulnerability, iden ... Read more

Published Date: Nov 12, 2024 (3 weeks, 1 day ago)
  • Cybersecurity News
CVE-2024-11068 (CVSS 9.8): Critical D-Link DSL-6740C Flaw, Immediate Replacement Advised

TWCERT/CC has issued multiple security advisories for the D-Link DSL-6740C modem, revealing a range of severe vulnerabilities that could expose users to remote attacks.The modem, which is no longer su ... Read more

Published Date: Nov 12, 2024 (3 weeks, 2 days ago)
  • Cybersecurity News
JavaScript Drive-By Attacks: New Exploits without 0-Day in Google Chrome

Ron Masas from Imperva Threat Research has uncovered a new way attackers can target Chrome users without relying on 0-day vulnerabilities. This approach leverages the File System Access API, which all ... Read more

Published Date: Nov 12, 2024 (3 weeks, 2 days ago)
  • The Hacker News
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation

Machine Learning / Vulnerability Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulne ... Read more

Published Date: Nov 11, 2024 (3 weeks, 2 days ago)
  • The Hacker News
HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

Vulnerability / Risk Mitigation Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two criti ... Read more

Published Date: Nov 11, 2024 (3 weeks, 2 days ago)
  • The Hacker News
Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchases with a wide range of ... Read more

Published Date: Nov 11, 2024 (3 weeks, 2 days ago)
  • The Register
Alleged Snowflake attacker gets busted by Canadians – politely, we assume

in brief One of the suspected masterminds behind the widespread Snowflake breach has been arrested in Canada – but the saga isn't over, eh. Alexander "Connor" Moucka was apprehended last week at the r ... Read more

Published Date: Nov 11, 2024 (3 weeks, 3 days ago)
  • Cybersecurity News
Fickle Stealer: The New Rust-Based Malware Masquerading as GitHub Desktop

Attack flow | Image: TrellixIn a recent report by Trellix researchers Mallikarjun Wali and Sangram Mohapatro, a new Rust-based malware called Fickle Stealer has surfaced, posing a significant threat t ... Read more

Published Date: Nov 11, 2024 (3 weeks, 3 days ago)
  • Help Net Security
Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has releas ... Read more

Published Date: Nov 10, 2024 (3 weeks, 3 days ago)
  • The Hacker News
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Vulnerability / Network Security Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potenti ... Read more

Published Date: Nov 09, 2024 (3 weeks, 4 days ago)
  • The Hacker News
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

IoT Security / Vulnerability The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying th ... Read more

Published Date: Nov 08, 2024 (3 weeks, 5 days ago)
  • The Hacker News
CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its ... Read more

Published Date: Nov 08, 2024 (3 weeks, 5 days ago)
  • Cybersecurity News
CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an updated advisory regarding four security vulnerabilities actively exploited in the wild. These vulnerabilities, now included i ... Read more

Published Date: Nov 08, 2024 (3 weeks, 6 days ago)
  • The Hacker News
SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity ... Read more

Published Date: Nov 07, 2024 (3 weeks, 6 days ago)
  • The Hacker News
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Vulnerability / Wireless Technology Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit un ... Read more

Published Date: Nov 07, 2024 (3 weeks, 6 days ago)
  • The Cyber Express
Google Addresses Two Android Zero-Days Used in Targeted Attacks

In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities. Google flagged these zero-day flaws ... Read more

Published Date: Nov 06, 2024 (4 weeks ago)
  • Cybersecurity News
AWS IAM Roles Anywhere: A Potential Backdoor for Attackers?

Example of script that automates IAM Roles Anywhere configuration | Image: AdanIn a recent publication, cybersecurity engineer Adan explores a potentially underappreciated security risk in Amazon Web ... Read more

Published Date: Nov 06, 2024 (4 weeks, 1 day ago)
  • Dark Reading
Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America

Source: Oneinchpunch via Alamy Stock Photo Researchers have designated a new botnet on the scene — initially suspected to be a part of the Toxic banking Trojan family — as a whole new spinoff strain w ... Read more

Published Date: Nov 05, 2024 (4 weeks, 1 day ago)
  • BleepingComputer
Google fixes two Android zero-days used in targeted attacks

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two iss ... Read more

Published Date: Nov 05, 2024 (4 weeks, 1 day ago)
  • Help Net Security
Google patches actively exploited Android vulnerability (CVE-2024-43093)

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, ... Read more

Published Date: Nov 05, 2024 (4 weeks, 1 day ago)
  • The Hacker News
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Mobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-430 ... Read more

Published Date: Nov 05, 2024 (1 month ago)
  • Cybersecurity News
CVE-2024-43047 & CVE-2024-43093: Android Zero-Days Demand Immediate Patching

In its November 2024 security update, Google has addressed 40 security vulnerabilities in the Android operating system, two of which are flagged as actively exploited: CVE-2024-43047 and CVE-2024-4309 ... Read more

Published Date: Nov 05, 2024 (1 month ago)

The following table lists the changes that have been made to the CVE-2024-43093 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Nov. 14, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Changed Reference Type https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed No Types Assigned https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed Patch
    Changed Reference Type https://source.android.com/security/bulletin/2024-11-01 No Types Assigned https://source.android.com/security/bulletin/2024-11-01 Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* *cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* *cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* *cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Nov. 14, 2024

    Action Type Old Value New Value
    Added Due Date 2024-11-28
    Added Vulnerability Name Android Framework Privilege Escalation Vulnerability
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Date Added 2024-11-07
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Nov. 13, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 CISA-ADP AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE Received by [email protected]

    Nov. 13, 2024

    Action Type Old Value New Value
    Added Description In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
    Added Reference Android (associated with Google Inc. or Open Handset Alliance) https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed [No types assigned]
    Added Reference Android (associated with Google Inc. or Open Handset Alliance) https://source.android.com/security/bulletin/2024-11-01 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-43093 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-43093 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability