PT-2023-17718 · Google · Android

Published

2023-02-15

Updated

2025-03-19

CVE-2023-20927

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue is related to a permissions bypass in the AndroidManifest.xml file, which could allow granting signature permissions. This might lead to a local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android version Android-13, consider restricting access to sensitive features that rely on signature permissions until a patch is available. As a temporary workaround, review and limit the use of permissions defined in the AndroidManifest.xml file to minimize the risk of exploitation.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2023-20927

Affected Products

Android

PT-2023-17718 · Google · Android

CVE-2023-20927

Weakness Enumeration

Related Identifiers

Affected Products

References · 5