CVE-2021-25397

Medium

5.5/10

Summary

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published Jun 11, 2021

CVE-2021-25397

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS