CVE-2023-44123

Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking

CVSS 6.1 MEDIUMEPSS 0.1%CWE-285

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

27 Sep 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected products

LG Electronics · LG V60 Thin Q 5G(LMV600VM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lgsecurity.lge.com/bulletins/mobile#updateDetails