Tactic: Execution (TA0002)
Technique: Exploitation for Client Execution (T1203):
- Multiple vulnerabilities in System that could allow for remote code execution. (CVE-2023-20951, CVE-2023-20954)
- Multiple vulnerabilities in Qualcomm closed-source components that could allow for remote code execution. (CVE-2022-33213, CVE-2022-33256)
Tactic: Privilege Escalation (TA0004)
Technique: Exploitation for Privilege Escalation (T1068):
- Multiple vulnerabilities in Framework that could allow for escalation of privilege. (CVE-2023-20906, CVE-2023-20911, CVE-2023-20917, CVE-2023-20947, CVE-2023-20963)
- Multiple vulnerabilities in System that could allow for escalation of privilege. (CVE-2023-20926, CVE-2023-20931, CVE-2023-20936, CVE-2023-20953, CVE-2023-20955, CVE-2023-20957, CVE-2023-20959, CVE-2023-20960, CVE-2023-20966)
- A vulnerability in Kernel that could allow for escalation of privilege. (CVE-2021-33655)
- Multiple vulnerabilities in MediaTek that could allow for escalation of privilege. (CVE-2023-20620, CVE-2023-20621, CVE-2023-20623)
Details of lower-severity vulnerabilities are as follows:
- Multiple vulnerabilities in Framework that could allow for information disclosure. (CVE-2023-20956, CVE-2023-20958)
- Multiple vulnerabilities in System that could allow for information disclosure. (CVE-2022-4452, CVE-2022-20467, CVE-2023-20929, CVE-2023-20952, CVE-2023-20962)
- A vulnerability in Framework that could allow for denial of service. (CVE-2023-20964)
- Multiple vulnerabilities in System that could allow for denial of service. (CVE-2022-20499, CVE-2023-20910)
- Multiple vulnerabilities in Unisoc components. (CVE-2022-47459, CVE-2022-47461, CVE-2022-47462, CVE-2022-47460)
- Multiple vulnerabilities in Qualcomm components. (CVE-2022-22075, CVE-2022-40537, CVE-2022-40540)
- Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2022-25655, CVE-2022-25694, CVE-2022-25705, CVE-2022-25709, CVE-2022-33242, CVE-2022-33244, CVE-2022-33250, CVE-2022-33254, CVE-2022-33272, CVE-2022-33278, CVE-2022-33309, CVE-2022-40515, CVE-2022-40527, CVE-2022-40530, CVE-2022-40531, CVE-2022-40535)
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution or escalation of privilege. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate patches provided by Google to vulnerable systems, immediately after appropriate testing. (M1051: Update Software)
o Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
o Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
o Safeguard 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources. (M1017: User Training)
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
o Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Apple® System Integrity Protection (SIP) and Gatekeeper™.
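The patch recommendations above are only actionable if you can tell which enrolled devices actually carry the fix. Android exposes the installed security patch level in the system property ro.build.version.security_patch (YYYY-MM-DD), and the Google bulletin names the patch level that contains each fix. The POSIX shell script below is an added example, not part of this advisory and not Google tooling: it reads that property from every device adb can see, compares it against a required level, and reports PATCHED, OUTDATED or UNKNOWN per device. REQUIRED_LEVEL defaults to 2023-03-05 as an assumption; set it to the patch-level string from the bulletin you are enforcing. The device serials and levels in SAMPLE_INVENTORY are constructed so the script also runs offline without adb.

```shell
#!/bin/sh
# Added example (not from the advisory): check the Android security patch level
# of enrolled devices against the level that carries these fixes.
# REQUIRED_LEVEL is an assumption: set it to the patch-level string from the
# Google bulletin you are enforcing. Android exposes the installed level as
# ro.build.version.security_patch in YYYY-MM-DD form.
REQUIRED_LEVEL="${REQUIRED_LEVEL:-2023-03-05}"

# Normalise YYYY-MM-DD to YYYYMMDD so levels compare as integers.
# Prints nothing for a malformed or empty value.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
    esac
}

# Classify one device: prints "SERIAL STATUS" where STATUS is PATCHED,
# OUTDATED (followed by the installed level) or UNKNOWN (property missing,
# e.g. an offline or unauthorised device, or a value that is not a date).
classify_line() {
    serial="$1"; level="$2"; required="${3:-$REQUIRED_LEVEL}"
    lvl=$(level_to_int "$level"); req=$(level_to_int "$required")
    if [ -z "$req" ]; then
        echo "bad REQUIRED_LEVEL: $required" >&2; return 2
    fi
    if [ -z "$lvl" ]; then
        echo "$serial UNKNOWN"
    elif [ "$lvl" -ge "$req" ]; then
        echo "$serial PATCHED"
    else
        echo "$serial OUTDATED $level"
    fi
}

# Read "serial<TAB>level" lines on stdin and classify each one.
classify_report() {
    while IFS="$(printf '\t')" read -r serial level; do
        if [ -n "$serial" ]; then
            classify_line "$serial" "$level"
        fi
    done
}

# Pull live values from every device adb reports as "device" (requires the
# Android platform tools and USB debugging authorised on each device).
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
        printf '%s\t%s\n' "$serial" "$level"
    done
}

# Constructed sample inventory (hypothetical serials) used when adb is absent:
# one device at the required level, one a month behind, one with no value.
SAMPLE_INVENTORY="$(printf 'R5CT1234\t2023-03-05\nemulator-5554\t2023-02-05\nZY22ABCD\t\n')"

if command -v adb >/dev/null 2>&1; then
    collect_from_adb | classify_report
else
    printf '%s\n' "$SAMPLE_INVENTORY" | classify_report
fi
```

Feed the OUTDATED and UNKNOWN lines into your vulnerability management tracking (Safeguard 7.1); an UNKNOWN device needs a manual look, since a missing property usually means the device was not authorised for adb rather than that it is patched.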