CVE-2023-44127 LOW

CVE-2023-44127: Call management - Implicit activity intents disclose contact details and phone numbers

Vendor Lg Electronics
Product LG V60 Thin Q 5G(LMV600VM)
Weakness CWE-927
Published September 27, 2023
Last update September 20, 2024

CVSS base score

3.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Key dates

02Disclosure timeline

September 27, 2023 CVE published
September 20, 2024 Record updated