Login Sign Up

CVE-2023-21272

7.8 HIGH

📋 TL;DR

This vulnerability in Android's Uri.java allows improper URI permission grants due to insufficient input validation. It enables local privilege escalation without requiring user interaction or additional execution privileges. All Android devices running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to the August 2023 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices with unpatched versions are vulnerable by default; no special configuration required.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains elevated system privileges, potentially accessing sensitive data, modifying system files, or installing persistent malware.

🟠

Likely Case

Malicious apps exploit this to bypass sandbox restrictions, access other apps' data, or perform unauthorized system operations.

🟢

If Mitigated

With proper patching, the vulnerability is eliminated; with app sandboxing and minimal permissions, impact is limited even if exploited.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access or malicious app installation.
🏢 Internal Only: HIGH - Malicious apps or users with physical/network access to devices can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious URIs but doesn't need user interaction; local access or malicious app installation is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2023 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2023-08-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install the August 2023 or later security patch. 3. Reboot the device after installation.

🔧 Temporary Workarounds

Restrict app installations

android

Only install apps from trusted sources like Google Play Store to reduce risk of malicious apps exploiting this vulnerability.

Minimize app permissions

android

Review and restrict unnecessary permissions for installed apps to limit potential damage if exploited.

🧯 If You Can't Patch

  • Isolate vulnerable devices from critical networks and sensitive data
  • Implement application allowlisting to prevent unauthorized app installations

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level. If before August 2023, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows August 2023 or later date after applying update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission grants in system logs
  • Suspicious URI parsing activities

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for typical SIEM monitoring of this local Android vulnerability

📊 Metadata

CVE ID: CVE-2023-21272
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-20
Published: August 14, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21272, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)