Login Sign Up

CVE-2023-21138

7.8 HIGH

📋 TL;DR

This Android vulnerability allows local privilege escalation through improper input validation in CallRedirectionProcessor.java. An attacker could exploit this to launch background activities with user privileges without requiring user interaction. Affects Android 11 through 13 devices.

💻 Affected Systems

Products:
  • Android
Versions: Android 11, 12, 12L, 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all devices running vulnerable Android versions regardless of manufacturer modifications.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attacker to execute arbitrary code with elevated privileges, access sensitive data, and maintain persistence.

🟠

Likely Case

Local privilege escalation allowing unauthorized background activity launches and potential data access.

🟢

If Mitigated

Limited impact with proper Android security updates and app sandboxing in place.

🌐 Internet-Facing: LOW - Requires local access to device, not directly exploitable over network.
🏢 Internal Only: HIGH - Local privilege escalation vulnerability affecting mobile devices within organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and user execution privileges. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin June 2023 patches

Vendor Advisory: https://source.android.com/security/bulletin/2023-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install June 2023 or later security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict app installations

android

Only allow installation of apps from trusted sources like Google Play Store

Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

  • Implement mobile device management (MDM) with strict app whitelisting
  • Segment vulnerable devices on separate network segments with restricted access

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 11, 12, 12L, or 13 without June 2023 security patch, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level shows 'June 5, 2023' or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CallRedirectionProcessor activity in system logs
  • Unexpected background service launches

Network Indicators:

  • Unusual network connections from Android system processes

SIEM Query:

source="android_system_logs" AND (process="CallRedirectionProcessor" OR message="onNullBinding")

📊 Metadata

CVE ID: CVE-2023-21138
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-20
Published: June 15, 2023
Last Updated: December 17, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21138, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)