CVE-2023-21237
Published 2023-06-28
Priority: P2 78 · CVSS 3.1: 5.5 (medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
KEV · ITW: CISA Known Exploited Vulnerability, remediation due 2024-03-26; exploited in the wild
EPSS: 0.26% (17.7th percentile)
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-13
Android ID: A-251586912
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 13-next:0 < 13-next:2023-06-01 | 13-next:2023-06-01 |
| platform | frameworks_base | >= 13:0 < 13:2023-06-01 | 13:2023-06-01 |
Detection & IOCs (extracted from sources)
- Vulnerability exists in NotificationContentInflater.java within the Android Framework component — monitor for suppressed or hidden foreground service notifications on Android 13 devices, which may indicate exploitation
- Exploitation requires no user interaction and no additional execution privileges — any local process on an unpatched Android 13 / Pixel device could exploit this silently
- Refer to the June 2023 Android Pixel Security Bulletin for patch details and affected build fingerprints to identify unpatched devices in your fleet
- Vulnerability is limited to Android 13 (Pixel devices specifically called out by CISA); other Android versions are not listed as affected
- Exploitation is local only — no network-based detection vector exists; focus detection efforts on endpoint/device telemetry rather than network traffic
CVSS provenance
- nvd: v3.1 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- vulncheck: 5.5 MEDIUM
- cisa: 5.5 MEDIUM
GHSA
GHSA-qhm9-gg74-g6m6 · ghsa_unreviewed · 2023-06-28 · CVE-2023-21237 [MEDIUM] CWE-200: In applyRemoteView of NotificationContentInflater
OSV
CVE-2023-21237 · osv · 2023-06-01: In applyRemoteView of NotificationContentInflater
VulnCheck
Android Pixel Information Disclosure Vulnerability · vulncheck · 2023 · CVSS 5.5 · CVE-2023-21237 [MEDIUM] CWE-200
Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.
Affected: Android Pixel
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://source.android.com/docs/security/bulletin/pixel/2023-06-01; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2024-03-26
CISA
Android Pixel Information Disclosure Vulnerability · cisa · 2024-03-05 · CVSS 5.5 · CVE-2023-21237 [MEDIUM] CWE-200
Affected: Android Pixel
Notes: https://source.android.com/docs/security/bulletin/pixel/2023-06-01; https://nvd.nist.gov/vuln/detail/CVE-2023-21237
Remediation Due Date: 2024-03-26
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Timeline
- 2023-06-28: Published
- 2024-03-05: Added to CISA KEV (exploited in the wild)