CVE-2023-44126

The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:25

Type Values Removed Values Added
References () https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory () https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 3.6

02 Oct 2023, 15:26

Type Values Removed Values Added
CPE cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Google android
Lg v60 Thin Q 5g
Google
Lg
References (MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - (MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory

27 Sep 2023, 15:19

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-11-21 08:25


NVD link : CVE-2023-44126

Mitre link : CVE-2023-44126

CVE.ORG link : CVE-2023-44126


JSON object : View

Products Affected

lg

  • v60_thin_q_5g

google

  • android
CWE
CWE-925

Improper Verification of Intent by Broadcast Receiver

NVD-CWE-noinfo