Описание
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 4.1.1 (включая) до 4.4.2 (включая)
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00139
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.
EPSS
Процентиль: 34%
0.00139
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-284