Rewterz Threat Advisory – Multiple Google Android Framework Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-21249 CVSS:9.8

Google Android could allow a remote attacker to obtain sensitive information, caused by an error in the Framework component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the system.

CVE-2023-21239 CVSS:7.5

Google Android could allow a remote attacker to obtain sensitive information, caused by an error in the Framework component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the system.

CVE-2023-21238 CVSS:7.5

Google Android could allow a remote attacker to obtain sensitive information, caused by an error in the Framework component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the system.

CVE-2023-20942 CVSS:9.8

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by an error in the Framework component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-20918 CVSS:9.8

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by an error in the Framework component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges on the system.

Impact

• Information Disclosure
• Code Execution

Indicators Of Compromise

CVE

• CVE-2023-21249
• CVE-2023-21239
• CVE-2023-21238
• CVE-2023-20942
• CVE-2023-20918

Affected Vendors

Google

Affected Products

• Google Android 11
• Google Android 12
• Google Android 13

Remediation

Upgrade to the latest version of Android, available from the Google Web site.

Google Web site