March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple IBM QRadar SIEM Vulnerabilities
October 17, 2023Rewterz Threat Advisory – CVE-2023-5360 – WordPress WP Royal Elementor Addons and Templates Plugin Vulnerability Exploit in the Wild
October 17, 2023Rewterz Threat Advisory – Multiple IBM QRadar SIEM Vulnerabilities
October 17, 2023Rewterz Threat Advisory – CVE-2023-5360 – WordPress WP Royal Elementor Addons and Templates Plugin Vulnerability Exploit in the Wild
October 17, 2023
Severity
High
Analysis Summary
CVE-2023-35646 CVSS:9.8
Google Android is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Shannon baseband component. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-35647 CVSS:7.5
Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read due to a missing bounds check flaw in the ProtocolEmbmsGlobalCellIdAdapter::Init() function in protocolembmsadapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-35648 CVSS:7.5
Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read due to a missing bounds check flaw in the ProtocolMiscLceIndAdapter::GetConfLevel() function in protocolmiscadapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-21266 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a permissions bypass in killBackgroundProcesses of ActivityManagerService.java. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-35652 CVSS:7.5
Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read due to a missing bounds check flaw in the ProtocolEmergencyCallListIndAdapter::Init function in protocolcalladapter.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Code Execution
- Gain Access
- Information Theft
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-35646
- CVE-2023-35647
- CVE-2023-35648
- CVE-2023-21266
- CVE-2023-35652
Affected Vendors
Affected Products
- Google Android
Remediation
Upgrade to the latest version of Android, available from the Google Web site