Lucene search

LGECVELIST:CVE-2023-44127

HistorySep 27, 2023 - 2:05 p.m.

CVE-2023-44127 Call management - Implicit activity intents disclose contact details and phone numbers

2023-09-2714:05:24

CWE-927

LGE

www.cve.org

vulnerability

call management

implicit intents

sensitive data

third-party apps

contact details

phone numbers

cve-2023-44127

CVSS3

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

15.7%

JSON

he vulnerability is that the Call management (“com.android.server.telecom”) app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "LG V60 Thin Q 5G(LMV600VM)",
    "vendor": "LG Electronics",
    "versions": [
      {
        "lessThanOrEqual": "13",
        "status": "affected",
        "version": "Android 8",
        "versionType": "Android"
      }
    ]
  }
]

References

lgsecurity.lge.com/bulletins/mobile#updateDetails

CVSS3

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

15.7%

JSON

Related for CVELIST:CVE-2023-44127