CVE-2023-44127

EUVD-2023-48486
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.6 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
LGECNA
3.6 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
googleandroid
8.0 ≤
𝑥
≤ 13.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lgsecurity.lge.com/bulletins/mobile#updateDetails
https://lgsecurity.lge.com/bulletins/mobile#updateDetails