CVE-2023-21673 — Vulnetix

CVE-2023-21673 PUBLISHED CVSS 9.300000190734863 CRITICAL

In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten "Framework", "System", "Google Play System Updates", "ARM components", "MediaTek components", "Unisoc components", "Qualcomm components" sowie"Qualcomm closed-source components". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.

EPSS 0.02% · 7.3th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

7.3th percentile

Affected Products

Vendor	Product	Versions
Google	Google Android 12L
Google	Google Android 13
Google	Google Android 12
Google	Google Android 11

Exploit Intelligence

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin (circl)
https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-adds-four-known-exploited-vulnerabilities-catalog (certbund)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
CVE-2023-4863.yar (github-yara)
CVE-2023-4863.yar (github-yara)

…and 4 more exploits

Timeline

Oct 3, 2023 EPSS Score
Oct 3, 2023 CVE Published
Oct 5, 2023 PoC Published
Nov 4, 2023 EPSS Score
Dec 5, 2023 EPSS Score
Jan 6, 2024 EPSS Score
Feb 7, 2024 EPSS Score
Mar 10, 2024 EPSS Score
Apr 10, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 15, 2024 EPSS Score

References

Open in Interactive Console →