External risk intelligence

Android Local Privilege Escalation Vulnerability

CVE advisoryKnown Exploit

CVE-2023-35674

A logic error in Android's window management allows local privilege escalation without user interaction. This impacts affected systems and data integrity by enabling unauthorized privilege increases. Organizations should identify and mitigate the risk to these systems.

1Halo Surface Signal

Google Android

11.012.012.113.0

External exposure likelihood

Halo Surface Signal score for CVE-2023-35674

The vulnerability exists within the Android operating system framework code responsible for managing window states. Exploitation requires local access to the device and cannot be triggered remotely or via public-internet-facing services, making it inherently local and not network-reachable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

A logic error within the Android operating system's window management code can allow a background activity to be launched. This could lead to an escalation of privileges on the affected device. This issue does not require user interaction to be exploited.

  • Vulnerable Android window management code
  • Logic error permits background activity launch
  • Local privilege escalation impact

Attack Path

How an attacker could exploit the issue

A logic error in the Android framework's window state management allows for a background activity to be launched. This could enable an attacker with local access to escalate privileges on the affected device. Exploitation does not require user interaction to succeed.

  • Local access to the device.
  • Attacker triggers logic error.
  • Privilege escalation occurs.

Live Threat

Current exploitation, exposure, and threat context

A logic error in the Android framework's window state management allows for privilege escalation. This vulnerability can be exploited locally without needing additional execution privileges, and user interaction is not required. The potential for local privilege escalation indicates a significant risk to affected systems and data.

  • Attackers with basic local access.
  • Exploitation requires local access.
  • Significant business risk.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A logic error in Android's window state management could allow an attacker with local access to escalate privileges without needing further execution permissions. This vulnerability does not require user interaction for exploitation and impacts the integrity and confidentiality of data. Organizations should prioritize actions to identify and mitigate the risk to affected systems.

  • Find affected assets.
  • Reduce exposure or isolate risk.
  • Fix, verify, and monitor.

Frequently asked questions

What is the primary software context for CVE-2023-35674?

CVE-2023-35674 is associated with the Android operating system, specifically a logic error within the WindowState.java file concerning the onCreate method. This vulnerability affects Google's Android product across multiple versions, including Android 11.0, 12.0, 12.1, and 13.0.

How is the vulnerability in CVE-2023-35674 classified, and what is the underlying weakness?

This vulnerability is classified as a HIGH severity issue with a base CVSS score of 7.8. The weakness stems from CWE-269, which pertains to the improper privilege assignment. It allows for local escalation of privilege without needing additional execution privileges.

What is the trigger path for this vulnerability, and what is the scope of impact?

The vulnerability can be triggered by a logic error in the onCreate method of WindowState.java, potentially allowing a background activity to be launched. This leads to a local escalation of privilege with no additional execution privileges needed, and user interaction is not required for exploitation. The scope is local, meaning an attacker must have existing access to the device.

How relevant is CVE-2023-35674, considering its technical details and potential impact?

The vulnerability is relevant due to its potential for local privilege escalation on Android devices without requiring user interaction. While it requires local access, the ability to elevate privileges significantly impacts the device's security posture. Halo classifies this CVE as internal because the Attack Vector is Local.

What practical steps should be taken in response to this vulnerability?

Organizations should identify affected Android assets running versions 11.0 through 13.0. It is crucial to apply mitigations provided by Google through security bulletins. Discontinuing use of the product should be considered if mitigations are unavailable. Verifying that fixes are correctly implemented and monitoring for any residual risks are also essential steps.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified