CVE-2023-44126

Summary

The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.

Affected Software

VendorProductVersion RangeStatus
LG ElectronicsLG V60 Thin Q 5G(LMV600VM)Android 8 <= 13affected

Weaknesses

  • CWE-925: CWE-925 Improper Verification of Intent by Broadcast Receiver

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References