CVE-2023-21291 — Vulnetix

CVE-2023-21291 PUBLISHED CVSS 9.300000190734863 CRITICAL

In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Framework", "System", "Google Play System Updates", "ARM components", "MediaTek components", "Unisoc components", "Qualcomm components" sowie"Qualcomm closed-source components". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.

EPSS 0.02% · 5.3th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

5.3th percentile

Affected Products

Vendor	Product	Versions
Samsung	Samsung Android 12
Samsung	Samsung Android 11
Google	Google Android 12
Samsung	Samsung Android 13
Google	Google Android 11
Google	Google Android 13
Google	Google Android 12L

Exploit Intelligence

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin (circl)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
CVE-2023-4863.yar (github-yara)
CVE-2023-4863.yar (github-yara)
CVE-2023-4863.yar (github-yara)

…and 3 more exploits

Timeline

Oct 3, 2023 CVE Published
Oct 5, 2023 PoC Published
Oct 7, 2023 EPSS Score
Nov 8, 2023 EPSS Score
Dec 9, 2023 EPSS Score
Jan 10, 2024 EPSS Score
Feb 10, 2024 EPSS Score
Mar 13, 2024 EPSS Score
Apr 14, 2024 EPSS Score
May 15, 2024 EPSS Score
Jun 16, 2024 EPSS Score
Jul 17, 2024 EPSS Score

References

Open in Interactive Console →