CVE-2023-20963

Published Mar 24, 2023

Last updated a month ago

Exploit knownCVSS high 7.8

Overview

Description
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
Source
security@android.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Android Framework Privilege Escalation Vulnerability
Exploit added on
Apr 13, 2023
Exploit action due
May 4, 2023
Required action
Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov
CWE-295
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-295

Social media

Hype score
Not currently trending

  1. 7 Android & Pixel FlawsExposed: Researcher Publishes PoC Exploits CVE-2024-0017, CVE-2024-34719, CVE-2023-20963 (0day) Protect your privacy and security: Discover the flaws affecting #googlepixel devices and #Android, and take steps to safeguard your data. https://t.co/bk2zNc

    @the_yellow_fall

    26 Nov 2024

    203 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2023-20963 2 - CVE-2024-46938 3 - CVE-2024-52940 4 - CVE-2024-0012 5 - CVE-2024-10220 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    23 Nov 2024

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References