CVE-2023-21246

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Jul 13, 2023

Updated: Jul 25, 2023

CWE ID 754

Summary

CVE-2023-21246 is a vulnerability affecting ShortcutInfo.java in the ShortcutInfo class. It permits an app to maintain notification listening access due to an uncaught exception, which can result in a local privilege escalation without requiring additional execution privileges. This exploit is triggered without user interaction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ruas4T
https://www.cve.org/CVERecord?id=CVE-2023-21246
https://nvd.nist.gov/vuln/detail/CVE-2023-21246

Back to Vulnerability Database