Lucene search

GoogleOSV:ASB-A-257030107

HistoryApr 01, 2023 - 12:00 a.m.

Contact data enumeration using undocumented feature in TelecomManager.placeCall

2023-04-0100:00:00

Google

osv.dev

contact data enumeration user execution privileges software

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user’s contact phone number due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/packages/services/telecommeq12
platform/packages/services/telecommeq11
platform/packages/services/telecommeq12L
platform/packages/services/telecommeq13

Name	Operator	Version
platform/packages/services/telecomm	eq	12
platform/packages/services/telecomm	eq	11
platform/packages/services/telecomm	eq	12L
platform/packages/services/telecomm	eq	13

References

android.googlesource.com/platform/packages/services/Telecomm/+/e96d20e5244346179f49a88fea8ab5e0929444e5

source.android.com/security/bulletin/2023-04-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-257030107