Login Sign Up

CVE-2023-20918

9.8 CRITICAL

📋 TL;DR

This CVE-2023-20918 is an Android elevation of privilege vulnerability in the ActivityOptions framework. It allows malicious apps to execute arbitrary code with elevated privileges without user interaction. All Android devices running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 11, 12, 12L, 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices running affected versions are vulnerable by default.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent malware, access sensitive data, and control device functions.

🟠

Likely Case

Malicious apps gaining system-level privileges to steal data, install additional payloads, or perform unauthorized actions.

🟢

If Mitigated

Limited impact if devices are patched and app permissions are properly restricted.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No user interaction required, but requires malicious app installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin July 2023 patches

Vendor Advisory: https://source.android.com/security/bulletin/2023-07-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install the July 2023 security patch. 3. Restart device after installation.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources like Google Play Store

Review app permissions

all

Regularly audit and restrict app permissions in device settings

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement mobile device management (MDM) with strict app control policies

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 11, 12, 12L, or 13 without July 2023 patches, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level shows 'July 5, 2023' or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual PendingIntent activity in system logs
  • Unexpected privilege escalation attempts

Network Indicators:

  • Suspicious app communication patterns from system-level processes

SIEM Query:

Search for PendingIntent abuse patterns in Android system logs

📊 Metadata

CVE ID: CVE-2023-20918
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-611
Published: July 13, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-20918, you might also want to check these:

CVE-2022-22486 10.0

This CVE describes an XML External Entity (XXE) vulnerability in IBM Tivoli Workload Scheduler that ...

Same vulnerability type (CWE-611)
CVE-2025-30220 9.9

This XXE vulnerability in GeoServer's GeoTools Schema class allows attackers to read arbitrary files...

Same vulnerability type (CWE-611)
CVE-2023-27874 9.9

IBM Aspera Faspex 4.4.2 contains an XML external entity injection (XXE) vulnerability that allows au...

Same vulnerability type (CWE-611)