CISA KEV 정보
| 취약점명 | Android Pixel Information Disclosure Vulnerability |
|---|---|
| 설명 | Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information. |
| 조치사항 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-200 |
| 등록일 (KEV) | 2024-03-05 |
| 조치 기한 | 2024-03-26 |
| 추가 참고 | https://source.android.com/docs/security/bulletin/pixel/2023-06-01; https://nvd.nist.gov/vuln/detail/CVE-2023-21237 |
NVD 상세 정보
CVSS v3.1: 5.5 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N설명: In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912
CWE: CWE-200
참조
- https://source.android.com/security/bulletin/pixel/2023-06-01 [Vendor Advisory]
- https://source.android.com/security/bulletin/pixel/2023-06-01 [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21237 [Third Party Advisory, US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.