{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-40040", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-26T15:53:44.779Z", "dateReserved": "2023-08-08T00:00:00", "datePublished": "2023-09-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-11T05:59:07.526132"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the MyCrops HiGrade \"THC Testing & Cannabi\" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/actuator/cve/blob/main/CVE-2023-40040"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.649Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/actuator/cve/blob/main/CVE-2023-40040", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "android", "product": "mycrops_higrade", "cpes": ["cpe:2.3:a:android:mycrops_higrade:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.337", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T15:49:42.437265Z", "id": "CVE-2023-40040", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T15:53:44.779Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/actuator/cve/blob/main/CVE-2023-40040", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.649Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T15:49:42.437265Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:android:mycrops_higrade:*:*:*:*:*:*:*:*"], "vendor": "android", "product": "mycrops_higrade", "versions": [{"status": "affected", "version": "1.0.337"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T15:53:39.266Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/actuator/cve/blob/main/CVE-2023-40040"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the MyCrops HiGrade \"THC Testing & Cannabi\" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-11T05:59:07.526132"}}}, "cveMetadata": {"cveId": "CVE-2023-40040", "state": "PUBLISHED", "dateUpdated": "2024-09-26T15:53:44.779Z", "dateReserved": "2023-08-08T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-11T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mycrops:higrade:1.0.337:*:*:*:*:*:*:*", "matchCriteriaId": "80F3D3AB-302E-468B-A629-7D1FEC180109", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC72A6B1-2BD5-4548-B495-3890C6197500", "versionEndIncluding": "5.1.1", "versionStartIncluding": "5.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the MyCrops HiGrade \"THC Testing & Cannabi\" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en la aplicaci\u00f3n MyCrops HiGrade \"THC Testing & Cannabi\" 1.0.337 para Android. Un atacante remoto puede iniciar la transmisi\u00f3n de la c\u00e1mara a trav\u00e9s del componente com.cordovaplugincamerapreview.CameraActivity en algunas situaciones. NOTA: esto solo se puede explotar en versiones de Android que carecen de comprobaciones de permisos de tiempo de ejecuci\u00f3n y, de ellas, solo Android SDK 5.1.1 API 22 es coherente con el manifiesto. Por lo tanto, esto se aplica s\u00f3lo a Android Lollipop, y afectar\u00e1 a menos del cinco por ciento de los dispositivos Android a partir de 2023."}], "id": "CVE-2023-40040", "lastModified": "2024-11-21T08:18:34.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-11T06:15:43.830", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/actuator/cve/blob/main/CVE-2023-40040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/actuator/cve/blob/main/CVE-2023-40040"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}