CVE-2023-44124
CVE-2023-44124 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. It allows theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app, because the app launches implicit intents that can be intercepted by third-party apps installed on the same device. EPSS estimates a 0.09% chance of exploitation in the next 30 days.
Description
The vulnerability allows theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app, in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. Those apps can also return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves the contents of arbitrary URIs to the SD card, which is world-readable storage.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| | Android | 12.0 |
| | Android | 13.0 |
References
- https://lgsecurity.lge.com/bulletins/mobile#updateDetails (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
