{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44129", "assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "state": "PUBLISHED", "assignerShortName": "LGE", "dateReserved": "2023-09-26T05:57:13.719Z", "datePublished": "2023-09-27T14:10:56.347Z", "dateUpdated": "2024-09-23T15:07:26.172Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LG V60 Thin Q 5G(LMV600VM)", "vendor": "LG Electronics", "versions": [{"lessThanOrEqual": "13", "status": "affected", "version": "Android 12", "versionType": "Android"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability is that the Messaging (\"com.android.mms\") app patched by LG forwards attacker-controlled intents back to the attacker in the exported \"com.android.mms.ui.QClipIntentReceiverActivity\" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the \"com.lge.message.action.QCLIP\" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the \"onActivityResult()\" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions=\"true\"` flag set."}], "value": "The vulnerability is that the Messaging (\"com.android.mms\") app patched by LG forwards attacker-controlled intents back to the attacker in the exported \"com.android.mms.ui.QClipIntentReceiverActivity\" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the \"com.lge.message.action.QCLIP\" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the \"onActivityResult()\" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions=\"true\"` flag set."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-926", "description": "CWE-926 Improper Export of Android Application Components", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "shortName": "LGE", "dateUpdated": "2023-09-27T14:10:56.347Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "source": {"discovery": "UNKNOWN"}, "title": "Messaging - Gaining access to arbitrary content providers via QClipIntentReceiverActivity", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:50.858Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T14:51:19.697082Z", "id": "CVE-2023-44129", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T15:07:26.172Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:50.858Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44129", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-23T14:51:19.697082Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T15:07:17.934Z"}}], "cna": {"title": "Messaging - Gaining access to arbitrary content providers via QClipIntentReceiverActivity", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LG Electronics", "product": "LG V60 Thin Q 5G(LMV600VM)", "versions": [{"status": "affected", "version": "Android 12", "versionType": "Android", "lessThanOrEqual": "13"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The vulnerability is that the Messaging (\"com.android.mms\") app patched by LG forwards attacker-controlled intents back to the attacker in the exported \"com.android.mms.ui.QClipIntentReceiverActivity\" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the \"com.lge.message.action.QCLIP\" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the \"onActivityResult()\" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions=\"true\"` flag set.", "supportingMedia": [{"type": "text/html", "value": "The vulnerability is that the Messaging (\"com.android.mms\") app patched by LG forwards attacker-controlled intents back to the attacker in the exported \"com.android.mms.ui.QClipIntentReceiverActivity\" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the \"com.lge.message.action.QCLIP\" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the \"onActivityResult()\" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions=\"true\"` flag set.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-926", "description": "CWE-926 Improper Export of Android Application Components"}]}], "providerMetadata": {"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "shortName": "LGE", "dateUpdated": "2023-09-27T14:10:56.347Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44129", "state": "PUBLISHED", "dateUpdated": "2024-09-23T15:07:26.172Z", "dateReserved": "2023-09-26T05:57:13.719Z", "assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb", "datePublished": "2023-09-27T14:10:56.347Z", "assignerShortName": "LGE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E2EE3E-FD6F-4D27-871A-EE468B136DA0", "versionEndIncluding": "13.0", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The vulnerability is that the Messaging (\"com.android.mms\") app patched by LG forwards attacker-controlled intents back to the attacker in the exported \"com.android.mms.ui.QClipIntentReceiverActivity\" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the \"com.lge.message.action.QCLIP\" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the \"onActivityResult()\" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions=\"true\"` flag set."}, {"lang": "es", "value": "La vulnerabilidad es que la aplicaci\u00f3n de mensajer\u00eda (\"com.android.mms\") parcheada por LG reenv\u00eda intentos controlados por el atacante en la actividad \"com.android.mms.ui.QClipIntentReceiverActivity\" exportada. El atacante puede abusar de esta funcionalidad iniciando esta actividad y luego enviando una transmisi\u00f3n con la acci\u00f3n \"com.lge.message.action.QCLIP\". El atacante puede enviar, por ejemplo, sus propios datos/clipdata y establecer indicadores Intent.FLAG_GRANT_*. Despu\u00e9s de que el atacante recibiera esa intenci\u00f3n en el m\u00e9todo \"onActivityResult()\", tendr\u00eda acceso a proveedores de contenido arbitrarios que tengan configurado el indicador `android:grantUriPermissions=\"true\"`."}], "id": "CVE-2023-44129", "lastModified": "2024-11-21T08:25:18.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "product.security@lge.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:37.350", "references": [{"source": "product.security@lge.com", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"}], "sourceIdentifier": "product.security@lge.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-926"}], "source": "product.security@lge.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}