Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

Android Framework Privilege Escalation Vulnerability

CVSS SCORE:7.8

CVE ID:CVE-2024-43093

SEVERITY:High

Vendor:Android

Reporter:security@android.com

Exploitable?No

Summary

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Impact

Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Affected Products

Framework

CVSS Metrics

Source: nvd@nist.gov

version3.1

vectorStringCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

baseScore7.8

baseSeverityHIGH

attackVectorLOCAL

attackComplexityLOW

privilegesRequiredNONE

userInteractionREQUIRED

scopeUNCHANGED

confidentialityImpactHIGH

integrityImpactHIGH

availabilityImpactHIGH

CWE Information

Source: nvd@nist.gov,Type: Primary

Action Information

Action Due: 11/28/2024

Remediation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Exploit Added Date: 11/7/2024

Patch and Mitigation Information

Patch Information

Temporary Fixes / Workarounds

No temporary fixes provided

Recommended Security Measures

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Detection Methods

No detection methods provided

Date Of Vendor Response

Not specified

Date Of Patch Release

Not specified

Additional Information

References

security@android.com:https://android.googlesource.com/platform/frameworks/base/+/7f83c671626f9bf993581f4598c22482d87cba10

security@android.com:https://source.android.com/security/bulletin/2025-03-01

Affected Organizations

No affected organizations specified

Confidentiality Notice

This document contains sensitive information. Unauthorized distribution is prohibited.

Vulnerability Advisory

Published 11/13/2024

Updated 8/26/2025