CVE-2023-44123 - Vulnerability Details - OpenCVE

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Google	Android
Lg	V60 Thin Q 5g

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lgsecurity.lge.com/bulletins/mobile#updateDetails

History

Fri, 20 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: LGE

Published: 2023-09-27T13:52:57.933Z

Updated: 2024-09-20T19:52:54.896Z

Reserved: 2023-09-26T05:57:13.269Z

Link: CVE-2023-44123

Vulnrichment

Updated: 2024-08-02T19:59:51.614Z

NVD

Status : Modified

Published: 2023-09-27T15:19:35.830

Modified: 2024-11-21T08:25:17.547

Link: CVE-2023-44123

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44123", "assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "state": "PUBLISHED", "assignerShortName": "LGE", "dateReserved": "2023-09-26T05:57:13.269Z", "datePublished": "2023-09-27T13:52:57.933Z", "dateUpdated": "2024-09-20T19:52:54.896Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LG V60 Thin Q 5G(LMV600VM)", "vendor": "LG Electronics", "versions": [{"status": "affected", "version": "Android 12, 13"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "}], "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "shortName": "LGE", "dateUpdated": "2023-09-27T13:52:57.933Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "source": {"discovery": "UNKNOWN"}, "title": "Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.614Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-20T18:34:28.354648Z", "id": "CVE-2023-44123", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T19:52:54.896Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-20T18:34:28.354648Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T19:52:49.865Z"}}], "cna": {"title": "Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LG Electronics", "product": "LG V60 Thin Q 5G(LMV600VM)", "versions": [{"status": "affected", "version": "Android 12, 13"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. ", "supportingMedia": [{"type": "text/html", "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "shortName": "LGE", "dateUpdated": "2023-09-27T13:52:57.933Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44123", "state": "PUBLISHED", "dateUpdated": "2024-09-20T19:52:54.896Z", "dateReserved": "2023-09-26T05:57:13.269Z", "assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "datePublished": "2023-09-27T13:52:57.933Z", "assignerShortName": "LGE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "}, {"lang": "es", "value": "La vulnerabilidad es el uso de PendingIntents impl\u00edcitos con el conjunto PendingIntent.FLAG_MUTABLE que conduce al robo y/o (sobre)escritura de archivos arbitrarios con privilegios del sistema en la aplicaci\u00f3n Bluetooth (\"com.lge.bluetoothsetting\"). La aplicaci\u00f3n del atacante, si tuviera acceso a las notificaciones de la aplicaci\u00f3n, podr\u00eda interceptarlas y redirigirlas a su actividad, antes de otorgar permisos de acceso a los proveedores de contenido con el indicador `android:grantUriPermissions=\"true\"`."}], "id": "CVE-2023-44123", "lastModified": "2024-11-21T08:25:17.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.7, "source": "product.security@lge.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:35.830", "references": [{"source": "product.security@lge.com", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "sourceIdentifier": "product.security@lge.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "product.security@lge.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}