CVE-2023-21328

7.8 HIGH

📋 TL;DR

This vulnerability in Android's Package Installer allows attackers to detect whether specific apps are installed without requiring query permissions, bypassing normal security controls. This information disclosure could enable local privilege escalation attacks on affected Android devices. The vulnerability affects Android devices running vulnerable versions of the operating system.

💻 Affected Systems

Products:
  • Android Package Installer
Versions: Android versions before Android 14
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices running vulnerable versions are affected by default; no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could combine this information disclosure with other vulnerabilities to achieve full device compromise, potentially accessing sensitive data or installing malicious apps.

🟠 Likely Case

Attackers could fingerprint installed apps to identify vulnerable targets for further exploitation or gather intelligence about device usage patterns.

🟢 If Mitigated

With proper Android security updates, the vulnerability is completely patched and no longer exploitable.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or network access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with local access could exploit this to gather intelligence about installed applications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the device but no user interaction. The vulnerability is relatively straightforward to exploit once identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android 14 (October 2023 security update)

Vendor Advisory: https://source.android.com/docs/security/bulletin/android-14

Restart Required: Yes

Instructions:

1. Update Android device to Android 14 or later.
2. Apply October 2023 security patches.
3. Restart device after update completion.

🔧 Temporary Workarounds

Restrict app installation sources

Only allow app installations from trusted sources like Google Play Store

Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

  • Implement mobile device management (MDM) to control app installations
  • Use application allowlisting to restrict which apps can be installed

🔍 How to Verify

Check if Vulnerable:

Check the Android version: Settings > About phone > Android version. If the version is below 14, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release

Verify Fix Applied:

Verify Android version is 14 or higher and security patch level is October 2023 or later.
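
The two checks above combined into one script (an added example, not part of the original advisory). It assumes `adb` is on the PATH with a single device attached and reads the patch level from the `ro.build.version.security_patch` property, which this page does not name; the function names are hypothetical.

```shell
#!/bin/sh
# is_patched RELEASE PATCH_LEVEL
#   returns 0 if RELEASE >= 14 and PATCH_LEVEL >= 2023-10 (the page's criteria),
#   1 if either is older, 2 if a value cannot be parsed.
is_patched() {
    release=$1   # e.g. "14" or "13.0.1" (ro.build.version.release)
    patch=$2     # e.g. "2023-10-01"   (ro.build.version.security_patch)

    # Compare on the major version only; non-numeric values are "unknown".
    major=${release%%.*}
    case $major in
        ''|*[!0-9]*) return 2 ;;
    esac

    # The patch level must look like YYYY-MM-DD before it is compared.
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    ym=$(printf '%s' "$patch" | cut -c1-4,6-7)   # "2023-10-01" -> "202310"

    [ "$major" -ge 14 ] && [ "$ym" -ge 202310 ]
}

# check_device: query the attached device and report the verdict.
check_device() {
    # adb shell output may carry a trailing carriage return; strip it.
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    spl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    is_patched "$rel" "$spl"
    case $? in
        0) echo "patched: Android $rel, patch level $spl" ;;
        1) echo "VULNERABLE: Android $rel, patch level $spl" ;;
        *) echo "unknown: release='$rel' patch='$spl'" ;;
    esac
}

# Only touch adb when asked to, so the functions can be sourced and reused.
if [ "${1:-}" = "--device" ]; then
    check_device
fi
```

Run it with `--device` to query the attached handset; without arguments it only defines the functions.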

📡 Detection & Monitoring

Log Indicators:

  • Unusual Package Installer activity
  • Multiple app installation queries from same source

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

Not applicable for typical enterprise SIEM as this is a mobile device vulnerability
