CVE-2023-44127

Summary

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Affected Software

VendorProductVersion RangeStatus
LG ElectronicsLG V60 Thin Q 5G(LMV600VM)Android 8 <= 13affected

Weaknesses

  • CWE-927: CWE-927 Use of Implicit Intent for Sensitive Communication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References