Lucene search

[email protected]CVE-2023-44127

HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-44127

2023-09-2715:19:37

CWE-927

[email protected]

web.nvd.nist.gov

call management

sensitive data

implicit intents

disclosure

cve-2023-44127

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

he vulnerability is that the Call management (“com.android.server.telecom”) app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Affected configurations

NVD

Node

googleandroidRange8.0–13.0

AND

lgv60_thin_q_5gMatch-

CPENameOperatorVersion
google:androidgoogle androidle13.0

CPE	Name	Operator	Version
google:android	google android	le	13.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "LG V60 Thin Q 5G(LMV600VM)",
    "vendor": "LG Electronics",
    "versions": [
      {
        "lessThanOrEqual": "13",
        "status": "affected",
        "version": "Android 8",
        "versionType": "Android"
      }
    ]
  }
]

References

lgsecurity.lge.com/bulletins/mobile#updateDetails

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for CVE-2023-44127

nvd1 prion1 cvelist1