CVE-2023-21467
CVE-2023-21467 is a medium-severity vulnerability in Samsung Exynos with a CVSS 3.x base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-287.
Key facts
- Severity: Medium (CVSS 3.x base score 4.6)
- EPSS exploit prediction: 0% (20th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2023-25635
- Weakness: CWE-287
- Affected product: Samsung Exynos
- Published:
- Last modified:
Description
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
Frequently asked questions
- What is CVE-2023-21467?
- Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
- How severe is CVE-2023-21467?
- CVE-2023-21467 has a CVSS 3.x base score of 4.6, rated medium severity. It is exploitable over an adjacent network with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability low.
- Is CVE-2023-21467 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (20th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-21467?
- CVE-2023-21467 affects Samsung Exynos. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-21467?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2023-21467 have an EU (EUVD) identifier?
- Yes. CVE-2023-21467 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2023-25635.
- When was CVE-2023-21467 published?
- CVE-2023-21467 was published on 2025-09-03 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:h:samsung:exynos:-:*:*:*:*:*:*:*
More vulnerabilities in Samsung Exynos
- CVE-2020-10835 — Critical (CVSS 9.8): An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software.…
- CVE-2020-25054 — Critical (CVSS 9.1): An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a…
- CVE-2023-21517 — High (CVSS 8.8): Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to…
All CVEs affecting Samsung Exynos →
Other CWE-287 (Improper Authentication) vulnerabilities
- CVE-2026-45480 — Critical (CVSS 10.0): Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-46389 — Critical (CVSS 10.0): UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS…
- CVE-2026-10611 — Critical (CVSS 10.0): An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement.…
- CVE-2026-47280 — Critical (CVSS 10.0): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-42822 — Critical (CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges…
- CVE-2026-20182 — Critical (CVSS 10.0): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and…
Browse all CWE-287 (Improper Authentication) vulnerabilities →