CVE-2021-25410

Description

Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.

Related CPE's

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

7.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

3.6

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:N

Version

2.0

AccessVector

LOCAL

Authentication

NONE