CVE-2023-21113 – This CVE describes a confused deputy vulnerabil... (How to Fix)

Q: What is the severity of CVE-2023-21113?

CVE-2023-21113 has a CVSS score of 7.8 (HIGH). This CVE describes a confused deputy vulnerability in Android that allows local privilege escalation without user interaction. Attackers can bypass permission checks to gain elevated privileges on affected devices. This affects Android devices running vulnerable versions.

📋 TL;DR

This CVE describes a confused deputy vulnerability in Android that allows local privilege escalation without user interaction. Attackers can bypass permission checks to gain elevated privileges on affected devices. This affects Android devices running vulnerable versions.

💻 Affected Systems

Products:

Android

Versions: Android versions prior to the June 2024 security patch

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Affects multiple Android components including build/soong, frameworks/base, and prebuilts/module_sdk/Wifi.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code with system privileges, access sensitive data, and persist malware.

🟠

Likely Case

Local attackers gaining elevated privileges to access protected data, install malicious apps, or modify system settings.

🟢

If Mitigated

Limited impact with proper patch management and security controls in place, though risk remains for unpatched devices.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or local access to the device.

🏢 Internal Only: HIGH - Significant risk for organizations with unpatched Android devices that could be exploited by malicious insiders or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access but no user interaction. The confused deputy attack vector suggests exploitation involves tricking privileged components into performing unauthorized actions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2024 Android Security Patch

Vendor Advisory: https://source.android.com/security/bulletin/2024-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Apply the June 2024 security patch. 3. Restart the device after installation. 4. Verify the patch is applied by checking the security patch level.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and local access to Android devices to reduce attack surface

Disable unnecessary services

android

Disable or restrict services that could be exploited via confused deputy attacks

🧯 If You Can't Patch

Isolate affected devices from sensitive networks and data
Implement strict access controls and monitoring for local device access

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android security patch level. If before June 2024, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows June 2024 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

Unusual permission escalation attempts
Suspicious process creation with elevated privileges
Failed permission checks in system logs

Network Indicators:

Not applicable - local attack vector

SIEM Query:

source="android_logs" AND (event_type="permission_violation" OR process_name="*escalation*" OR message="*confused deputy*")

📊 Metadata

CVE ID: CVE-2023-21113

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: July 9, 2024

Last Updated: March 13, 2025

🔗 References

https://android.googlesource.com/platform/build/soong/+/e7b7f0833dc47ade981eddfbf462dcc143dddd10 Mailing List,Patch
https://android.googlesource.com/platform/frameworks/base/+/17dd11248a66b2722aa3ef07701b7f09a64160e5 Mailing List,Patch
https://android.googlesource.com/platform/prebuilts/module_sdk/Wifi/+/c705bae1a4d50bd7b4f8cc919097d1aae568dd22 Mailing List,Patch
https://source.android.com/security/bulletin/2024-06-01 Patch,Vendor Advisory
https://android.googlesource.com/platform/build/soong/+/e7b7f0833dc47ade981eddfbf462dcc143dddd10 Mailing List,Patch
https://android.googlesource.com/platform/frameworks/base/+/17dd11248a66b2722aa3ef07701b7f09a64160e5 Mailing List,Patch
https://android.googlesource.com/platform/prebuilts/module_sdk/Wifi/+/c705bae1a4d50bd7b4f8cc919097d1aae568dd22 Mailing List,Patch
https://source.android.com/security/bulletin/2024-06-01 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21113, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Android by Google

Android by Google

Android by Google

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local access

Disable unnecessary services

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities