Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple IBM QRadar SIEM Vulnerabilities
October 17, 2023
Rewterz
Rewterz Threat Advisory – CVE-2023-5360 – WordPress WP Royal Elementor Addons and Templates Plugin Vulnerability Exploit in the Wild
October 17, 2023

Rewterz Threat Advisory – Multiple Google Android Vulnerability

Severity

High

Analysis Summary

CVE-2023-35646 CVSS:9.8

Google Android is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Shannon baseband component. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2023-35647 CVSS:7.5

Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read due to a missing bounds check flaw in the ProtocolEmbmsGlobalCellIdAdapter::Init() function in protocolembmsadapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-35648 CVSS:7.5

Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read due to a missing bounds check flaw in the ProtocolMiscLceIndAdapter::GetConfLevel() function in protocolmiscadapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-21266 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a permissions bypass in killBackgroundProcesses of ActivityManagerService.java. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-35652 CVSS:7.5

Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read due to a missing bounds check flaw in the ProtocolEmergencyCallListIndAdapter::Init function in protocolcalladapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

  • Code Execution
  • Gain Access
  • Information Theft
  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2023-35646
  • CVE-2023-35647
  • CVE-2023-35648
  • CVE-2023-21266
  • CVE-2023-35652

Affected Vendors

Google

Affected Products

  • Google Android

Remediation

Upgrade to the latest version of Android, available from the Google Web site

Google Web site