CVE-2023-20963
published 2023-03-24

Priority: P182 · high · 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2023-05-04
Exploited in the wild
EPSS: 1.44% (70.0th percentile)
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-11 Android-12 Android-12L Android-13
Android ID: A-220302519

Affected

11 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| platform | frameworks_base | >= 11:0 < 11:2023-03-01 | 11:2023-03-01 |
| platform | frameworks_base | >= 12:0 < 12:2023-03-01 | 12:2023-03-01 |
| platform | frameworks_base | >= 12L:0 < 12L:2023-03-01 | 12L:2023-03-01 |
| platform | frameworks_base | >= 13-next:0 < 13-next:2023-03-01 | 13-next:2023-03-01 |
| platform | frameworks_base | >= 13:0 < 13:2023-03-01 | 13:2023-03-01 |

Detection & IOCs (extracted from sources)

  • Post-exploitation behavior includes downloading and executing additional code from a developer-designated remote site within a privileged environment; monitor for privileged processes spawning network connections to fetch and execute remote payloads.
  • CVE-2023-20963 affects Android Framework (WorkSource parcel mismatch / EoP) on AOSP versions 11, 12, 12L, and 13; verify patch level against the 2023-03-01 Android Security Bulletin.
  • The vulnerability requires no additional execution privileges and no user interaction, but exploitation context observed was app-based (requires the malicious app to be installed on the device).

CVSS provenance

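| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |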