CVE-2023-21185 – This vulnerability allows a guest user on Andro... (How to Fix)

Q: What is the severity of CVE-2023-21185?

CVE-2023-21185 has a CVSS score of 7.8 (HIGH). This vulnerability allows a guest user on Android devices to escalate privileges without requiring any permissions or user interaction. It affects Android 13 devices where the guest user account is enabled, potentially allowing unauthorized access to WiFi network configuration functions.

📋 TL;DR

This vulnerability allows a guest user on Android devices to escalate privileges without requiring any permissions or user interaction. It affects Android 13 devices where the guest user account is enabled, potentially allowing unauthorized access to WiFi network configuration functions.

💻 Affected Systems

Products:

Android

Versions: Android 13

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices with guest user account enabled. Pixel devices specifically mentioned in bulletins.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Guest user gains full administrative control over WiFi settings, could potentially intercept network traffic, modify network configurations, or access restricted network resources.

🟠

Likely Case

Guest user modifies WiFi settings, connects to unauthorized networks, or disrupts legitimate network connectivity.

🟢

If Mitigated

With proper access controls and guest account restrictions, impact is limited to WiFi configuration changes only.

🌐 Internet-Facing: LOW - Exploitation requires local device access, not remote network access.

🏢 Internal Only: HIGH - Guest users on shared devices can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires guest user access but no additional permissions. No user interaction needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Update June 2023

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install June 2023 security update. 3. Restart device after installation.

🔧 Temporary Workarounds

Disable Guest User Account

android

Remove guest user access to prevent exploitation

Settings > System > Multiple users > Guest > Remove guest

Restrict WiFi Settings Access

android

Use device management policies to restrict WiFi configuration changes

🧯 If You Can't Patch

Disable guest user accounts on all shared Android devices
Implement network segmentation to limit WiFi configuration impact

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 13 and security patch level is before June 2023, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level shows 'June 5, 2023' or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

Unauthorized WiFi configuration changes by guest user
Permission denial logs for WiFiNetworkFactory functions

Network Indicators:

Unexpected WiFi network connections from guest accounts
Changes to saved WiFi networks

SIEM Query:

source="android_system" AND (event="wifi_config_change" AND user="guest")

📊 Metadata

CVE ID: CVE-2023-21185

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

Published: June 28, 2023

Last Updated: November 21, 2024

🔗 References

https://source.android.com/security/bulletin/pixel/2023-06-01 Vendor Advisory
https://source.android.com/security/bulletin/pixel/2023-06-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21185, you might also want to check these: