CVE-2023-45777 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-45777?

CVE-2023-45777 is a high-severity Elevation of Privilege (EoP) vulnerability in Android versions 13 and 14. A Parcel Mismatch in AccountManagerService.java allows attackers to launch arbitrary activities using system privileges. Exploitation does not require user interaction and can lead to local escalation of privilege, posing a significant risk to affected systems.

Who is impacted by this?

CVE-2023-45777 affects users of Android devices running versions 13 and 14. This high-severity issue allows attackers to launch arbitrary activities using system privileges without user interaction. Users of Android devices with security patch levels before 2023-12-01 or 2023-12-05, as well as those using Android 11, 12, 12L, 13, and 14, should be aware of this vulnerability.

What to do if CVE-2023-45777 affects you

If you're affected by the CVE-2023-45777 vulnerability, it's crucial to take immediate action to protect your Android device. Follow these simple steps:

  1. Update your Android device to the latest version, if possible.

  2. Ensure Google Play Protect is enabled on your device.

  3. Install the latest security updates and Google Play system updates.
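
To confirm that the updates above actually landed, the device's reported security patch level can be compared with the levels named on this page. The following is an added example, not part of the original advisory: the function names and the `FIXED_SPL` variable are hypothetical, the default threshold of 2023-12-01 is an assumption (the page names both 2023-12-01 and 2023-12-05), and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: classify an Android device against the patch levels on this page.
# Assumption: 2023-12-01 is used as the fixed level; set FIXED_SPL=2023-12-05
# to apply the stricter of the two dates the page mentions.
FIXED_SPL="${FIXED_SPL:-2023-12-01}"

# cve_2023_45777_status RELEASE SECURITY_PATCH
# Prints one of: patched | vulnerable | out-of-scope | unknown
cve_2023_45777_status() {
    release=$1
    spl=$2
    # The patch level must look like YYYY-MM-DD; anything else is unknown.
    case $spl in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${release%%.*}
    case $major in
        11|12|13|14) ;;                        # versions listed on this page
        ''|*[!0-9]*) echo unknown; return 0 ;; # empty or non-numeric release
        *) echo out-of-scope; return 0 ;;      # release not listed on this page
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    have=$(printf '%s' "$spl" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_SPL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# Query every device attached over adb and print one status line per device.
audit_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops "adb shell" from consuming the loop's input.
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\tAndroid %s\t%s\t%s\n' "$serial" "$rel" "$spl" \
            "$(cve_2023_45777_status "$rel" "$spl")"
    done
}

# Constructed sample rows (release, patch level); not taken from real devices.
for row in "13 2023-11-05" "14 2023-12-05" "10 2023-01-01"; do
    set -- $row
    printf 'Android %s, SPL %s: %s\n' "$1" "$2" "$(cve_2023_45777_status "$1" "$2")"
done
```

With USB debugging enabled and `adb` on the PATH, calling `audit_connected_devices` prints the same classification for each attached device.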

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-45777 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue, which allows attackers to launch activities using system privileges without user interaction, was added to the National Vulnerability Database on December 4, 2023.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
