Lucene search

K
cve[email protected]CVE-2023-42730
HistoryDec 04, 2023 - 1:15 a.m.

CVE-2023-42730

2023-12-0401:15:11
CWE-862
web.nvd.nist.gov
7
cve-2023-42730
ims service
permission usage
missing permission check
local information disclosure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0

Percentile

5.1%

In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Affected configurations

NVD
Node
googleandroidMatch11.0
OR
googleandroidMatch12.0
OR
googleandroidMatch13.0
AND
unisocs8000Match-
OR
unisocsc7731eMatch-
OR
unisocsc9832eMatch-
OR
unisocsc9863aMatch-
OR
unisoct310Match-
OR
unisoct606Match-
OR
unisoct610Match-
OR
unisoct612Match-
OR
unisoct616Match-
OR
unisoct618Match-
OR
unisoct760Match-
OR
unisoct770Match-
OR
unisoct820Match-
VendorProductVersionCPE
googleandroid12.0cpe:/o:google:android:12.0:::
googleandroid11.0cpe:/o:google:android:11.0:::
googleandroid13.0cpe:/o:google:android:13.0:::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000",
    "versions": [
      {
        "version": "Android11/Android12/Android13",
        "status": "affected"
      }
    ],
    "vendor": "Unisoc (Shanghai) Technologies Co., Ltd."
  }
]

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0

Percentile

5.1%

Related for CVE-2023-42730