Possible Parcel Mismatch Leads to Local Escalation of Privilege without Additional Execution Privileges
CVE-2023-20963
Key Information:
- Vendor
- Status
- Android
- Vendor
- CVE Published: 24 March 2023
What is CVE-2023-20963?
CVE-2023-20963 is a significant vulnerability found in the Android operating system, specifically within the WorkSource component. This vulnerability presents a risk of local privilege escalation, which allows malicious actors to gain elevated permissions on affected devices without requiring additional execution privileges or user interaction. As Android is widely used across various mobile devices, organizations that rely on this operating system may face substantial security risks, including unauthorized access to sensitive data and potential control over the device, thereby jeopardizing both user privacy and organizational integrity.
Technical Details
The vulnerability arises from a possible parcel mismatch within the WorkSource functionality of Android, affecting versions 11 to 13, inclusive of Android 12L. Essentially, this flaw can be exploited to manipulate permissions and escalate user privileges locally. The design or implementation error does not necessitate user interaction, making it particularly dangerous as it can be exploited stealthily by attackers with minimal effort.
Potential impact of CVE-2023-20963
- Unauthorized Access: The possibility of escalating privileges means that an attacker could gain unauthorized access to areas of the system that should be restricted, facilitating data theft and manipulation.
- Increased Malware Propagation: With elevated privileges, attackers could deploy malware more effectively, increasing the risk of widespread infections within organizations that utilize affected Android devices.
- Compromise of User Data: Once access is gained, sensitive user data stored on the device can be targeted, leading to privacy violations and potential regulatory repercussions for organizations that handle personal information.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
Android: Android-11, Android-12, Android-12L, Android-13
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA adds Android zero-day that infected Chinese shopping app to KEV catalog
An Android zero-day that exploited millions of devices via a Chinese ecommerce app was added to CISA's catalog of known exploited vulnerabilities.
1 month ago
Android app from China executed 0-day exploit on millions of devices
Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.
1 month ago
Severe Android and Novi Survey Vulnerabilities Under Active Exploitation
U.S. CISA adds two new vulnerabilities to its KEV catalog, warning of active exploitation of Android and Novi Survey flaws.
1 month ago
Timeline
- Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- First article discovered by The Register
- Public PoC available
- Used in Ransomware
- Exploit known to exist
- CISA Reported
- Vulnerability published
- Vulnerability Reserved