CVE-2024-43093

HIGHCISA KEV

7.3

Description

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE Details

CVSS v3.1 Score7.3

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionREQUIRED

Published11/13/2024

Last Modified10/23/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorAndroid

ProductFramework

Vulnerability NameAndroid Framework Privilege Escalation Vulnerability

KEV Date Added2024-11-07

Remediation Due Date2024-11-28

Ransomware UseUnknown

Affected Products

google:android

Weaknesses (CWE)

CWE-176

References

https://android.googlesource.com/platform/frameworks/base/+/7f83c671626f9bf993581f4598c22482d87cba10(security@android.com)

https://source.android.com/security/bulletin/2025-03-01(security@android.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43093(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.