cbcvebase.
CVE-2023-21237
published 2023-06-28

CVE-2023-21237: In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI…

PriorityP278medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-03-26
Exploited in the wild
EPSS
0.26%
17.7th percentile
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

Affected

4 ranges
VendorProductVersion rangeFixed in
googleandroid
googleandroid
platformframeworks_base>= 13-next:0 < 13-next:2023-06-0113-next:2023-06-01
platformframeworks_base>= 13:0 < 13:2023-06-0113:2023-06-01

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability exists in NotificationContentInflater.java within the Android Framework component — monitor for suppressed or hidden foreground service notifications on Android 13 devices, which may indicate exploitation
  • Exploitation requires no user interaction and no additional execution privileges — any local process on an unpatched Android 13 / Pixel device could exploit this silently
  • Refer to the June 2023 Android Pixel Security Bulletin for patch details and affected build fingerprints to identify unpatched devices in your fleet
  • ·Vulnerability is limited to Android 13 (Pixel devices specifically called out by CISA); other Android versions are not listed as affected
  • ·Exploitation is local only — no network-based detection vector exists; focus detection efforts on endpoint/device telemetry rather than network traffic

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vulncheck5.5MEDIUM
cisa5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.