CVSS Score of 10 (low)


Published Jun 28, 2023
Updated: Jul 5, 2023
CWE ID 502


CVE-2023-21206 is a vulnerability found in Android versions up to Android-13, specifically in the initiateVenueUrlAnqpQueryInternal function of sta_iface.cpp. This vulnerability allows for an out of bounds read due to unsafe deserialization, potentially leading to local information disclosure with system execution privileges. No user interaction is required for exploitation. The affected products are Android-based devices. To remediate this vulnerability, users should update their Android operating systems to the latest version as soon as it becomes available. If left unaddressed, this vulnerability poses a medium risk to organizations, with a base severity score of 4.4 and a high level of privileges required for exploitation. The confidentiality impact is rated as high, while integrity and availability impacts are rated as none.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-21206 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options