CVE-2023-20963

Confirmed PUBLISHED

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges...

Google · Android
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High

At a Glance

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519

cisa android
CVE Published
Mar 24, 2023
Exploitation Reported
Apr 13, 2023
CVSS
7.8 High
EPSS
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
n/a
Android

Android-11 Android-12 Android-12L Android-13

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.