The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The two flaws are listed below:
- CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability
- CVE-2023-29492 (CVSS score: TBD) – Novi Survey Insecure Deserialization Vulnerability
“Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed,” CISA said in an advisory for CVE-2023-20963.