CVE-2023-44123 (GCVE-0-2023-44123)
Vulnerability from cvelistv5 – Published: 2023-09-27 13:52 – Updated: 2024-09-20 19:52
VLAI?
Summary
The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.
Severity ?
6.1 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LG Electronics | LG V60 Thin Q 5G(LMV600VM) |
Affected:
Android 12, 13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T18:34:28.354648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T19:52:54.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LG V60 Thin Q 5G(LMV600VM)",
"vendor": "LG Electronics",
"versions": [
{
"status": "affected",
"version": "Android 12, 13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker\u0027s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "
}
],
"value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker\u0027s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T13:52:57.933Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2023-44123",
"datePublished": "2023-09-27T13:52:57.933Z",
"dateReserved": "2023-09-26T05:57:13.269Z",
"dateUpdated": "2024-09-20T19:52:54.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"879FFD0C-9B38-4CAA-B057-1086D794D469\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85B3B7D2-762E-4DD5-90F9-5246907748C4\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\\\"com.lge.bluetoothsetting\\\") app. The attacker\u0027s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\\\"true\\\"` flag. \"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad es el uso de PendingIntents impl\\u00edcitos con el conjunto PendingIntent.FLAG_MUTABLE que conduce al robo y/o (sobre)escritura de archivos arbitrarios con privilegios del sistema en la aplicaci\\u00f3n Bluetooth (\\\"com.lge.bluetoothsetting\\\"). La aplicaci\\u00f3n del atacante, si tuviera acceso a las notificaciones de la aplicaci\\u00f3n, podr\\u00eda interceptarlas y redirigirlas a su actividad, antes de otorgar permisos de acceso a los proveedores de contenido con el indicador `android:grantUriPermissions=\\\"true\\\"`.\"}]",
"id": "CVE-2023-44123",
"lastModified": "2024-11-21T08:25:17.547",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"product.security@lge.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2023-09-27T15:19:35.830",
"references": "[{\"url\": \"https://lgsecurity.lge.com/bulletins/mobile#updateDetails\", \"source\": \"product.security@lge.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lgsecurity.lge.com/bulletins/mobile#updateDetails\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product.security@lge.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"product.security@lge.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-285\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-44123\",\"sourceIdentifier\":\"product.security@lge.com\",\"published\":\"2023-09-27T15:19:35.830\",\"lastModified\":\"2024-11-21T08:25:17.547\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\\\"com.lge.bluetoothsetting\\\") app. The attacker\u0027s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\\\"true\\\"` flag. \"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad es el uso de PendingIntents impl\u00edcitos con el conjunto PendingIntent.FLAG_MUTABLE que conduce al robo y/o (sobre)escritura de archivos arbitrarios con privilegios del sistema en la aplicaci\u00f3n Bluetooth (\\\"com.lge.bluetoothsetting\\\"). La aplicaci\u00f3n del atacante, si tuviera acceso a las notificaciones de la aplicaci\u00f3n, podr\u00eda interceptarlas y redirigirlas a su actividad, antes de otorgar permisos de acceso a los proveedores de contenido con el indicador `android:grantUriPermissions=\\\"true\\\"`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product.security@lge.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product.security@lge.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"879FFD0C-9B38-4CAA-B057-1086D794D469\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85B3B7D2-762E-4DD5-90F9-5246907748C4\"}]}]}],\"references\":[{\"url\":\"https://lgsecurity.lge.com/bulletins/mobile#updateDetails\",\"source\":\"product.security@lge.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lgsecurity.lge.com/bulletins/mobile#updateDetails\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lgsecurity.lge.com/bulletins/mobile#updateDetails\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:59:51.614Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-44123\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-20T18:34:28.354648Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-20T19:52:49.865Z\"}}], \"cna\": {\"title\": \"Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-234\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-234 Hijacking a privileged process\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"LG Electronics\", \"product\": \"LG V60 Thin Q 5G(LMV600VM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"Android 12, 13\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lgsecurity.lge.com/bulletins/mobile#updateDetails\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\\\"com.lge.bluetoothsetting\\\") app. The attacker\u0027s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\\\"true\\\"` flag. \", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\\\"com.lge.bluetoothsetting\\\") app. The attacker\u0027s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\\\"true\\\"` flag. \", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-285\", \"description\": \"CWE-285 Improper Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"42f21055-226c-4bce-a3c8-ecf55a3551fb\", \"shortName\": \"LGE\", \"dateUpdated\": \"2023-09-27T13:52:57.933Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-44123\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-20T19:52:54.896Z\", \"dateReserved\": \"2023-09-26T05:57:13.269Z\", \"assignerOrgId\": \"42f21055-226c-4bce-a3c8-ecf55a3551fb\", \"datePublished\": \"2023-09-27T13:52:57.933Z\", \"assignerShortName\": \"LGE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…