CVE-2023-44122Use of Implicit Intent for Sensitive Communication in Electronics LG V60 Thin Q 5G

CWE-927Use of Implicit Intent for Sensitive CommunicationCWE-668Resource Exposure2 documents2 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LG Electronics LG V60 Thin Q 5GGoogle Android
Timeline
PublishedSep 27

Description

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDgoogle/android12.0, 13.0+1
CVEListV5lg_electronics/lg_v60_thin_q_5gAndroid 12, 13

🔴Vulnerability Details

1
GHSA
GHSA-gq65-23cc-h5wp: The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com2023-09-27