CVE-2023-44126 LOW

CVE-2023-44126: Call management - Implicit intents disclose telephony data such as phone numbers, call states, contacts

Vendor LG Electronics
Product LG V60 Thin Q 5G (LMV600VM)
Weakness CWE-925
Published September 27, 2023
Last update September 20, 2024

CVSS base score

3.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

The Call management app ("com.android.server.telecom"), as patched by LG, sends many LG-owned implicit broadcasts that disclose sensitive data to every third-party app installed on the same device. These intents carry data such as call states, call durations, called numbers and contact information.

Key dates

02 Disclosure timeline

September 27, 2023 CVE published
September 20, 2024 Record updated