CVE-2023-20962

5.5 MEDIUM

📋 TL;DR

This vulnerability in Android 13 allows malicious apps to start foreground activities from the background using an unsafe PendingIntent, potentially exposing sensitive information from other apps. It affects Android 13 devices and requires no user interaction or special permissions to exploit.

💻 Affected Systems

Products:
  • Android
Versions: Android 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android 13. Earlier versions and Android 14+ are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious app could access and exfiltrate sensitive data from other applications, including personal information, messages, or authentication tokens.

🟠 Likely Case

Information disclosure, where a malicious app can access limited data from other applications running in the foreground.

🟢 If Mitigated

With proper app sandboxing and security updates applied, impact is limited to information disclosure within the app's own permission scope.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring app installation on the device.
🏢 Internal Only: MEDIUM - Malicious apps could be installed via enterprise app stores or sideloading, potentially exposing corporate data on mobile devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed on the device, but no user interaction after that. Building an exploit requires an understanding of Android PendingIntent mechanics.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2023-03-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2023-03-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the March 2023 security patch or later.
3. Restart the device after installation.

🔧 Temporary Workarounds

Disable unknown sources (android)

Prevent installation of malicious apps from unknown sources:

Settings > Security > Install unknown apps > Disable for all apps

Use Google Play Protect (android)

Enable Google's built-in malware scanning for apps:

Settings > Security > Google Play Protect > Scan device for security threats

🧯 If You Can't Patch

  • Restrict app installations to trusted sources only (Google Play Store, enterprise app stores)
  • Implement mobile device management (MDM) to control app installations and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level: Settings > About phone > Android version and Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is March 2023 or later: Settings > About phone > Security patch level
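Added example, not part of the advisory: a POSIX shell check that applies the two criteria above (Android 13, and a security patch level earlier than 2023-03-01) to the values of ro.build.version.release and ro.build.version.security_patch. The adb wrapper and the sample values at the end are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Classifies a device against the
# affected range for CVE-2023-20962: Android 13 with a security patch level
# before 2023-03-01. Assumes (as on stock Android) that
# ro.build.version.release is "13" on affected builds and that
# ro.build.version.security_patch is an ISO date, YYYY-MM-DD.

FIXED_PATCH="2023-03-01"

# cve_2023_20962_status RELEASE PATCH_LEVEL
# Prints one of: vulnerable, patched, not-affected, unknown
cve_2023_20962_status() {
    release="$1"
    patch="$2"

    # Only Android 13 is in scope; other releases are not affected.
    case "$release" in
        13|13.*) ;;
        *) echo "not-affected"; return 0 ;;
    esac

    # A missing or malformed patch level cannot be compared; say so
    # instead of silently reporting the device as safe.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac

    # YYYYMMDD compares numerically in date order, which keeps this POSIX sh.
    pn=$(printf '%s' "$patch" | tr -d -)
    fn=$(printf '%s' "$FIXED_PATCH" | tr -d -)
    if [ "$pn" -lt "$fn" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Reads both properties from a connected, authorised device over adb
# (assumed helper; needs the Android platform tools on PATH).
check_connected_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r\n')
    pl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    echo "Android $rel, patch level ${pl:-<none>}: $(cve_2023_20962_status "$rel" "$pl")"
}

# Constructed sample values, usable without a device:
#   cve_2023_20962_status 13 2023-02-05   -> vulnerable
#   cve_2023_20962_status 13 2023-03-01   -> patched
#   cve_2023_20962_status 12 2022-11-05   -> not-affected
```

Run `check_connected_device` against a real device; the classification function alone is enough to batch-check patch levels exported from an MDM inventory.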

📡 Detection & Monitoring

Log Indicators:

  • Unusual foreground activity starts from background processes
  • Suspicious PendingIntent usage in app logs

Network Indicators:

  • Unexpected data exfiltration from mobile apps to unknown destinations

SIEM Query (suspicious_pattern is a placeholder for a site-specific filter; without it the query matches every log line that mentions PendingIntent or startActivity):

source="android_logs" AND ("PendingIntent" OR "startActivity") AND suspicious_pattern
