9VSA23-00857-01 CSIRT comparte información de vulnerabilidades incluidas en Boletín de Seguridad de Android para julio 2023
El CSIRT de Gobierno comparte información de nuevas vulnerabilidades parchadas por Google en su Boletín de seguridad de Android de julio 2023.
Resumen
El CSIRT de Gobierno comparte información de nuevas vulnerabilidades parchadas por Google en su Boletín de seguridad de Android de julio 2023.
Vulnerabilidades
CVE-2021-0948
CVE-2021-29256
CVE-2022-28350
CVE-2022-42703
CVE-2023-20754
CVE-2023-20755
CVE-2023-20910
CVE-2023-20918
CVE-2023-20942
CVE-2023-21087
CVE-2023-21145
CVE-2023-21238
CVE-2023-21239
CVE-2023-21240
CVE-2023-21241
CVE-2023-21243
CVE-2023-21245
CVE-2023-21246
CVE-2023-21247
CVE-2023-21248
CVE-2023-21249
CVE-2023-21250
CVE-2023-21251
CVE-2023-21254
CVE-2023-21255
CVE-2023-21256
CVE-2023-21257
CVE-2023-21261
CVE-2023-21262
CVE-2023-2136
CVE-2023-21629
CVE-2023-21631
CVE-2023-21672
CVE-2023-22386
CVE-2023-22387
CVE-2023-22667
CVE-2023-24851
CVE-2023-24854
CVE-2023-25012
CVE-2023-26083
CVE-2023-28147
CVE-2023-28541
CVE-2023-28542
Impacto
Vulnerabilidades de riesgo crítico
CVE-2023-21250: Esta vulnerabilidad puede dar lugar a la ejecución remota de código sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.
CVE-2023-21629: Vulnerabilidad en componentes de Qualcomm.
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Productos afectados
Dispositivos Android.
Enlaces
https://source.android.com/docs/security/bulletin/2023-07-01?hl=es-419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21243
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28542
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00857-01.