CVE-2023-21237

MEDIUM KEV

Google Android - Information Disclosure

Title source: rule

Description

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-13
Android ID: A-251586912

Scores

CVSS v3 5.5
EPSS 0.0072
EPSS Percentile 72.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2024-03-05
VulnCheck KEV 2023-06-13
InTheWild.io 2024-03-05
ENISA EUVD EUVD-2023-25405
CWE CWE-200
Status published
Products (1)
google/android 13.0
Published Jun 28, 2023
KEV Added Mar 05, 2024
Tracked Since Feb 18, 2026