CVE-2023-44128 - OpenCVE

he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Lg	V60 Thin Q 5g

Configuration 1 [-]

AND

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lgsecurity.lge.com/bulletins/mobile#updateDetails

History

No history.

MITRE

Status: PUBLISHED

Assigner: LGE

Published: 2023-09-27T14:08:51.040Z

Updated: 2024-08-02T19:59:50.897Z

Reserved: 2023-09-26T05:57:13.719Z

Link: CVE-2023-44128

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-27T15:19:37.217

Modified: 2023-10-02T18:20:59.393

Link: CVE-2023-44128

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44128", "assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "state": "PUBLISHED", "assignerShortName": "LGE", "dateReserved": "2023-09-26T05:57:13.719Z", "datePublished": "2023-09-27T14:08:51.040Z", "dateUpdated": "2024-08-02T19:59:50.897Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LG V60 Thin Q 5G(LMV600VM)", "vendor": "LG Electronics", "versions": [{"lessThanOrEqual": "13", "status": "affected", "version": "Android 4", "versionType": "Android"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "he vulnerability is to delete arbitrary files in LGInstallService (\"com.lge.lginstallservies\") app. The app contains the exported \"com.lge.lginstallservies.InstallService\" service that exposes an AIDL interface. All its \"installPackage*\" methods are finally calling the \"installPackageVerify()\" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted."}], "value": "he vulnerability is to delete arbitrary files in LGInstallService (\"com.lge.lginstallservies\") app. The app contains the exported \"com.lge.lginstallservies.InstallService\" service that exposes an AIDL interface. All its \"installPackage*\" methods are finally calling the \"installPackageVerify()\" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted."}], "impacts": [{"capecId": "CAPEC-29", "descriptions": [{"lang": "en", "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "shortName": "LGE", "dateUpdated": "2023-09-27T14:13:34.358Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "source": {"discovery": "UNKNOWN"}, "title": "LGInstallService - Deletion of arbitrary files with system privilege", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:50.897Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D92B47F-F5BA-4C09-A194-4FE2D23CE28D", "versionEndIncluding": "13.0", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "he vulnerability is to delete arbitrary files in LGInstallService (\"com.lge.lginstallservies\") app. The app contains the exported \"com.lge.lginstallservies.InstallService\" service that exposes an AIDL interface. All its \"installPackage*\" methods are finally calling the \"installPackageVerify()\" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted."}, {"lang": "es", "value": "La vulnerabilidad consiste en eliminar archivos arbitrarios en la aplicaci\u00f3n LGInstallService (\"com.lge.lginstallservies\"). La aplicaci\u00f3n contiene el servicio \"com.lge.lginstallservies.InstallService\" exportado que expone una interfaz AIDL. Todos sus m\u00e9todos \"installPackage*\" finalmente llaman al m\u00e9todo \"installPackageVerify()\" que realiza la validaci\u00f3n de la firma despu\u00e9s del m\u00e9todo de eliminaci\u00f3n del archivo. Un atacante puede controlar las condiciones para que esta verificaci\u00f3n de seguridad nunca se realice y se elimine un archivo controlado por el atacante."}], "id": "CVE-2023-44128", "lastModified": "2023-10-02T18:20:59.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "product.security@lge.com", "type": "Secondary"}]}, "published": "2023-09-27T15:19:37.217", "references": [{"source": "product.security@lge.com", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "sourceIdentifier": "product.security@lge.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-367"}], "source": "product.security@lge.com", "type": "Secondary"}]}