CVE-2023-21397: 
NixOS vulnerability analysis and mitigation

CVE-2023-21397 is a critical vulnerability in Android's Setup Wizard that could allow for local escalation of privilege. The vulnerability was disclosed in October 2023 and affects Android versions prior to 14.0. The vulnerability stems from an insecure default value in the Setup Wizard that could allow saving a WiFi network without proper authorization (NVD, CIS Advisory).

The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability allows for local escalation of privilege with no additional execution privileges needed and requires no user interaction for exploitation (NVD).

If successfully exploited, this vulnerability could allow an attacker to escalate privileges locally on the affected device. The attacker could potentially gain elevated access to system resources and perform unauthorized actions without requiring additional execution privileges (NVD).

The vulnerability has been patched in Android 14.0. Users and organizations should update their Android devices to version 14.0 or later to protect against this vulnerability (NVD).