CVE-2023-21149 – This vulnerability allows local attackers to ac... (How to Fix)

Q: What is the severity of CVE-2023-21149?

CVE-2023-21149 has a CVSS score of 7.8 (HIGH). This vulnerability allows local attackers to activate or deactivate RCS (Rich Communication Services) on Android devices without proper permissions. It enables local privilege escalation without requiring user interaction. Affects Android devices with specific kernel versions.

📋 TL;DR

This vulnerability allows local attackers to activate or deactivate RCS (Rich Communication Services) on Android devices without proper permissions. It enables local privilege escalation without requiring user interaction. Affects Android devices with specific kernel versions.

💻 Affected Systems

Products:

Android

Versions: Android kernel versions prior to June 2023 security patch

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects Pixel devices and potentially other Android devices with similar RCS implementations.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains elevated privileges to control RCS functionality, potentially intercepting or manipulating communication services.

🟠

Likely Case

Local attacker disables RCS services, disrupting messaging capabilities on the device.

🟢

If Mitigated

Impact limited to RCS service control without broader system compromise if proper isolation exists.

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local attackers with physical or app-based access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires local access but no user interaction. Exploitation likely involves crafted intents to the vulnerable receiver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2023 Android Security Update

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install June 2023 security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable RCS Services

android

Temporarily disable RCS functionality to remove attack surface

Settings > Apps > Messages > Disable RCS features

🧯 If You Can't Patch

Restrict physical access to devices and implement application allowlisting
Monitor for unusual RCS service state changes through device management tools

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If before June 2023, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'June 5, 2023' or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

Unexpected RCS service activation/deactivation events in system logs
Intents to com.android.shannonrcs without proper permissions

Network Indicators:

Sudden RCS service unavailability without user action

SIEM Query:

source="android_system" AND (event="RCS_SERVICE_STATE_CHANGE" OR component="ShannonRcsService")

📊 Metadata

CVE ID: CVE-2023-21149

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

Published: June 28, 2023

Last Updated: November 21, 2024

🔗 References

https://source.android.com/security/bulletin/pixel/2023-06-01 Vendor Advisory
https://source.android.com/security/bulletin/pixel/2023-06-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21149, you might also want to check these: