Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-42468

Published: 13/09/2023 Updated: 18/09/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Color Phone

Vulnerability Summary

The com.cutestudio.colordialer application up to and including 2.1.8-2 for Android allows a remote malicious user to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.

Vulnerable Product Search on Vulmon Subscribe to Product

azmobileapps color phone

References

NVD-CWE-noinfohttps://github.com/actuator/com.cutestudio.colordialer/blob/main/dial.gifhttps://github.com/actuator/cve/blob/main/CVE-2023-42468https://github.com/actuator/com.cutestudio.colordialer/blob/main/CWE-284.mdhttps://github.com/actuator/com.cutestudio.colordialer/blob/main/dialerPOC.apkhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook