CVE-2023-44122

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 27, 2023
Updated: Oct 2, 2023
CWE ID 927
CWE ID 668

Summary

CVE-2023-44122 is a vulnerability that affects the LockScreenSettings app ("com.lge.lockscreensettings") on devices running certain products. The vulnerability allows for theft of arbitrary files with system privileges. The issue arises from the app launching implicit intents that can be intercepted by third-party apps, which can return arbitrary data to the app's "onActivityResult()" method. The LockScreenSettings app then copies the received file to a specific path and changes the file access mode to world-readable and world-writable. To remediate this vulnerability, users should update their affected products to the latest version provided by the vendor. This vulnerability poses a medium risk to organizations as it could potentially lead to unauthorized access and theft of sensitive files on affected devices.
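The pattern described in the summary (implicit intent, untrusted result, world-accessible copy) and its hardened counterpart can be sketched as follows. This is an added example, not code from the LockScreenSettings app or the vendor; the class name, package name, provider authority and file name are hypothetical.

```java
// Added illustration; class, constant and file names are hypothetical.
import android.app.Activity;
import android.content.ContentResolver;
import android.content.Intent;
import android.net.Uri;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

public class ImagePickerActivity extends Activity {
    private static final int REQ_PICK = 1;
    // Assumption: the single picker app and provider this app trusts.
    private static final String TRUSTED_PKG = "com.example.trustedpicker";
    private static final String TRUSTED_AUTHORITY = "com.example.trustedpicker.provider";

    void pick() {
        Intent i = new Intent(Intent.ACTION_GET_CONTENT).setType("image/*");
        // Naming the target package makes the intent explicit, so an
        // arbitrary third-party app cannot register to receive it.
        i.setPackage(TRUSTED_PKG);
        startActivityForResult(i, REQ_PICK);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_PICK || resultCode != RESULT_OK || data == null) return;
        Uri uri = data.getData();
        // Treat the result as untrusted: accept only content:// URIs from the
        // allow-listed provider. file:// URIs and other authorities are dropped,
        // so the result cannot point the copy at this app's own private files.
        if (uri == null
                || !ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())
                || !TRUSTED_AUTHORITY.equals(uri.getAuthority())) {
            return;
        }
        File dst = new File(getFilesDir(), "picked_image"); // app-private directory
        try (InputStream in = getContentResolver().openInputStream(uri);
             OutputStream out = new FileOutputStream(dst)) {
            if (in == null) return;
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        } catch (IOException e) {
            dst.delete(); // do not keep a partial copy
        }
        // The copy keeps its default owner-only mode: no
        // setReadable(true, false) / setWritable(true, false) calls.
    }
}
```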
