CVE-2023-44127Use of Implicit Intent for Sensitive Communication in Google Android

CWE-927Use of Implicit Intent for Sensitive Communication2 documents2 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LG Electronics LG V60 Thin Q 5GGoogle Android
Timeline
PublishedSep 27

Description

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android8.013.0
CVEListV5lg_electronics/lg_v60_thin_q_5gAndroid 813

🔴Vulnerability Details

1
GHSA
GHSA-cv9c-m43f-27cv: he vulnerability is that the Call management ("com2023-09-27