How severe is CVE-2023-44122?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2023-44122?

This is classified as CWE-927, which is a common weakness in software security.

CVE-2023-44122 - HIGH Severity | CVSS 7.8

Vulnerability Description

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable.

Related Vulnerabilities

CVE-2022-4903

HIGH

CVSS:8.1(High)

A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. I...

CWE-9272022

CVE-2022-4903

HIGH

CVSS:8.1(High)

CWE-9272022

CVE-2022-33734

MEDIUM

CVSS:5.5(Medium)

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.

CWE-9272022

CVE-2022-36829

MEDIUM

CVSS:5.5(Medium)

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

CWE-9272022

CVE-2022-36830

MEDIUM

CVSS:5.5(Medium)

PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

CWE-9272022

CVE-2023-44127

MEDIUM

CVSS:5.5(Medium)

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same devic...

CWE-9272023