{ "id": "CVE-2023-44129", "sourceIdentifier": "product.security@lge.com", "published": "2023-09-27T15:19:37.350", "lastModified": "2023-10-02T18:59:15.660", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability is that the Messaging (\"com.android.mms\") app patched by LG forwards attacker-controlled intents back to the attacker in the exported \"com.android.mms.ui.QClipIntentReceiverActivity\" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the \"com.lge.message.action.QCLIP\" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the \"onActivityResult()\" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions=\"true\"` flag set." }, { "lang": "es", "value": "La vulnerabilidad es que la aplicaci\u00f3n de mensajer\u00eda (\"com.android.mms\") parcheada por LG reenv\u00eda intentos controlados por el atacante en la actividad \"com.android.mms.ui.QClipIntentReceiverActivity\" exportada. El atacante puede abusar de esta funcionalidad iniciando esta actividad y luego enviando una transmisi\u00f3n con la acci\u00f3n \"com.lge.message.action.QCLIP\". El atacante puede enviar, por ejemplo, sus propios datos/clipdata y establecer indicadores Intent.FLAG_GRANT_*. Despu\u00e9s de que el atacante recibiera esa intenci\u00f3n en el m\u00e9todo \"onActivityResult()\", tendr\u00eda acceso a proveedores de contenido arbitrarios que tengan configurado el indicador `android:grantUriPermissions=\"true\"`." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW" }, "exploitabilityScore": 1.8, "impactScore": 1.4 }, { "source": "product.security@lge.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW" }, "exploitabilityScore": 1.8, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] }, { "source": "product.security@lge.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-926" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.0", "versionEndIncluding": "13.0", "matchCriteriaId": "F5E2EE3E-FD6F-4D27-871A-EE468B136DA0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4" } ] } ] } ], "references": [ { "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails", "source": "product.security@lge.com", "tags": [ "Vendor Advisory" ] } ] }