CVE-2023-32871 : In DA, there is a possible permission bypass due to an incorrect status check. T

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

Published 2024-05-06 03:15:09

Updated 2025-03-17 17:15:19

Source MediaTek, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-32871

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-32871

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-32871

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	1.8	3.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-03-17
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2023-32871

CWE-391 Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Assigned by: security@mediatek.com (Secondary)

References for CVE-2023-32871

https://corp.mediatek.com/product-security-bulletin/May-2024

May 2024

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-32871

Products affected by CVE-2023-32871

Exploit prediction scoring system (EPSS) score for CVE-2023-32871

CVSS scores for CVE-2023-32871

CWE ids for CVE-2023-32871

References for CVE-2023-32871