CVE-2023-44127— Call management - Implicit activity intents disclose contact details and phone numbers
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-44127
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Call management - Implicit activity intents disclose contact details and phone numbers
Source: NVD (National Vulnerability Database)
Vulnerability Description
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-927
Source: NVD (National Vulnerability Database)
Vulnerability Title
LG Mobile 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LG mobile是韩国乐金(LG)公司的一系列移动设备产品。 LG Mobile存在安全漏洞。攻击者利用该漏洞可以获取敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| LG Electronics | LG V60 Thin Q 5G(LMV600VM) | Android 8 ~ 13 | - |
II. Public POCs for CVE-2023-44127
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-44127
请登录查看更多情报信息。
- https://lgsecurity.lge.com/bulletins/mobile#updateDetailsvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44127
Same Patch Batch · LG Electronics · 2023-09-27 · 9 CVEs total
| CVE-2023-44125 | 6.1 MEDIUM | Personalized service - Theft and (over-)write of arbitrary files with system privilege via |
| CVE-2023-44124 | 6.1 MEDIUM | Screen recording - Theft of arbitrary files with system privilege |
| CVE-2023-44123 | 6.1 MEDIUM | Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingInt |
| CVE-2023-44122 | 6.1 MEDIUM | LockScreenSettings - Theft arbitrary files with system privilege |
| CVE-2023-44128 | 5.0 MEDIUM | LGInstallService - Deletion of arbitrary files with system privilege |
| CVE-2023-44121 | 5.0 MEDIUM | LG ThinQ Service - Intent redirection with system privilege/LaunchAnyWhere |
| CVE-2023-44129 | 3.6 LOW | Messaging - Gaining access to arbitrary content providers via QClipIntentReceiverActivity |
| CVE-2023-44126 | 3.6 LOW | Call management - Implicit intents disclose telephony data such as phone numbers, call sta |
IV. Related Vulnerabilities
Same product: LG V60 Thin Q 5G(LMV600VM)
- CVE-2023-44129
Messaging - Gaining access to arbitrary content providers vi - CVE-2023-44128
LGInstallService - Deletion of arbitrary files with system p - CVE-2023-44126
Call management - Implicit intents disclose telephony data s - CVE-2023-44125
Personalized service - Theft and (over-)write of arbitrary f - CVE-2023-44124
Screen recording - Theft of arbitrary files with system priv
V. Comments for CVE-2023-44127
No comments yet