CVE-2023-44123 - OpenCVE

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Lg	V60 Thin Q 5g

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lgsecurity.lge.com/bulletins/mobile#updateDetails

History

No history.

MITRE

Status: PUBLISHED

Assigner: LGE

Published: 2023-09-27T13:52:57.933Z

Updated: 2024-08-02T19:59:51.614Z

Reserved: 2023-09-26T05:57:13.269Z

Link: CVE-2023-44123

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-27T15:19:35.830

Modified: 2023-10-02T18:22:38.543

Link: CVE-2023-44123

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44123", "assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "state": "PUBLISHED", "assignerShortName": "LGE", "dateReserved": "2023-09-26T05:57:13.269Z", "datePublished": "2023-09-27T13:52:57.933Z", "dateUpdated": "2024-08-02T19:59:51.614Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LG V60 Thin Q 5G(LMV600VM)", "vendor": "LG Electronics", "versions": [{"status": "affected", "version": "Android 12, 13"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "}], "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "shortName": "LGE", "dateUpdated": "2023-09-27T13:52:57.933Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "source": {"discovery": "UNKNOWN"}, "title": "Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.614Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "}, {"lang": "es", "value": "La vulnerabilidad es el uso de PendingIntents impl\u00edcitos con el conjunto PendingIntent.FLAG_MUTABLE que conduce al robo y/o (sobre)escritura de archivos arbitrarios con privilegios del sistema en la aplicaci\u00f3n Bluetooth (\"com.lge.bluetoothsetting\"). La aplicaci\u00f3n del atacante, si tuviera acceso a las notificaciones de la aplicaci\u00f3n, podr\u00eda interceptarlas y redirigirlas a su actividad, antes de otorgar permisos de acceso a los proveedores de contenido con el indicador `android:grantUriPermissions=\"true\"`."}], "id": "CVE-2023-44123", "lastModified": "2023-10-02T18:22:38.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.7, "source": "product.security@lge.com", "type": "Secondary"}]}, "published": "2023-09-27T15:19:35.830", "references": [{"source": "product.security@lge.com", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "sourceIdentifier": "product.security@lge.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "product.security@lge.com", "type": "Secondary"}]}