Mobile Security Framework
CVE-2023-42261
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.
AnalysisAI
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server. Affected products include: Opensecurity Mobile Security Framework.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
More in Mobile Security Framework
View allMobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
MobSF versions prior to 4.4.5 are vulnerable to stored XSS through unsanitized rendering of Android manifest attributes
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability
MobSF is a mobile application security testing tool used. Rated medium severity (CVSS 6.8), this vulnerability is remote
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor
MobSF is a mobile application security testing tool used. Rated low severity (CVSS 1.3), this vulnerability is remotely
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today