CVE-2023-21177

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 28, 2023

Updated: Jun 30, 2023

CWE ID 862

Summary

CVE-2023-21177 is a vulnerability affecting the Android operating system in its WindowManagerService. In a specific function named requestAppKeyboardShortcuts in WindowManagerService.java, there is a missing permission check. This issue allows an attacker to infer the app a user is interacting with, leading to local information disclosure. Notably, no additional execution privileges or user interaction are required for exploitation. This vulnerability, identified as A-273906410, impacts Android-13 versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rpg86-
https://www.cve.org/CVERecord?id=CVE-2023-21177
https://nvd.nist.gov/vuln/detail/CVE-2023-21177

Back to Vulnerability Database