CVE-2023-45777

7.8HIGH

Key Information

Vendor: Google
Status: Android
Vendor: CVE Published:; 4 December 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Version(s)

Android = 14

Android = 13

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

TheLastBundleMismatch
Created by michalbednarski

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Jan 20, 2024
Vulnerability published.
Dec 4, 2023
Vulnerability Reserved.
Oct 12, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)