5.5

CVE-2023-44127

EPSS 0.05%
Veröffentlicht 27.09.2023 15:19:37
Zuletzt bearbeitet 21.11.2024 08:25:18
Quelle product.security@lge.com
CVE-Watchlists
Login
Unerledigt
Login

Call management - Implicit activity intents disclose contact details and phone numbers

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version >= 8.0 <= 13.0

Lg ≫ V60 Thin Q 5g Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
product.security@lge.com	3.6	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CWE-927 Use of Implicit Intent for Sensitive Communication

The Android application uses an implicit intent for transmitting sensitive data to other applications.

https://lgsecurity.lge.com/bulletins/mobile#updateDetails

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-44127

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-44127

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-44127

EUVD