CVE-2024-2364

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

10/03/2024

Last modified:

26/02/2025

Description

A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320.

Impact

Vector 3.x

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 1.80 LOW
Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): None
Availability (A): None

Base Score 3.x

1.80

Severity 3.x

LOW

Vector 2.0

AV:L/AC:L/Au:M/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 1.40 LOW
Vector: AV:L/AC:L/Au:M/C:P/I:N/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): Multiple
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None