CVE-2023-44126: Improper Verification of Intent by Broadcast Receiver in Google Android

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 86.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 27

Description

The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | google/android | 8.0 | 13.0
CVEListV5 | lg_electronics/lg_v60_thin_q_5g | Android 8 | 13

Vulnerability Details

GHSA (1)
GHSA-6rmr-m77c-mfqc (2023-09-27): The vulnerability is that the Call management ("com