CVE-2023-26321 Vulnerability Details

  /     /     /  

CVE-2023-26321 Metadata Quick Info

CVE Published: 28/08/2024 | CVE Updated: 28/08/2024 | CVE Year: 2023
Source: Xiaomi | Vendor: Xiaomi | Product: Xiaomi File Manager App International Version
Status : PUBLISHED

CVE-2023-26321 Description

A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.

Metrics

CVSS Version: 3.1 | Base Score: 6.3 MEDIUM
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: A path traversal vulnerability exists
Source: Xiaomi

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: Xiaomi File Manager App International Version V1-210567


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-26321 Vulnerability Details