CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Pierluigi Paganini March 06, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)  the following vulnerabilities to its :

  •  Android Pixel Information Disclosure Vulnerability
  •  Sunhillo SureLine OS Command Injection Vulnerablity

The Android Pixel vulnerability, tracked as CVE-2023-21237, resides in applyRemoteView of NotificationContentInflater.java. The exploitation of this vulnerability could lead to local information disclosure with no additional execution privileges needed. The exploitation doesn’t require user interaction.

Google addressed the issue in June 2023, the IT giant is aware of “limited, targeted exploitation.”

“There are indications that CVE-2023-21237 may be under limited, targeted exploitation.” reads the published by the company.

The issue is likely chained with other flaws in an exploit used by a commercial spyware vendor or a nation-state actor.

The second issue added to the Catalog is an in Sunhillo SureLine. The exploitation of the flaw can allow to execute arbitrary commands with root privileges.

The exploitation can lead to complete system compromise.

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the  and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by March 26, 2024.

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – ransomware, CISA



you might also like

leave a comment