CVE-2023-21461 MEDIUM

CVE-2023-21461

Vendor Samsung Mobile

Product Samsung Mobile Devices

Weakness CWE-285

Published March 16, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

4.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.

Key dates

02Disclosure timeline

March 16, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-21461

Related vulnerabilities

04Related CVE

CVE-2026-33162 Craft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissions CVE-2022-36870 CVE-2026-10218 nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization CVE-2024-21987 Improper Authorization Vulnerability in SnapCenter CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes

Identifiers

CVE CVE-2023-21461

CWE CWE-285

CVSS 4.0 / MEDIUM

Affected versions

Vendor Samsung Mobile

Product Samsung Mobile Devices

Affected ≥ Android 12, 13 and < SMR Mar-2023 Release 1