Privilege Escalation Risk in Telephony Service Affects Unisoc Products
CVE-2022-48390

7.8HIGH

Key Information:

Vendor: Unisoc (shanghai) Technologies Co., Ltd.
Status: Sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8000
Vendor: CVE Published:; 6 June 2023

🔔 Create Unisoc (shanghai) Technologies Co., Ltd. Vulnerability Alert

What is CVE-2022-48390?

A vulnerability exists in the telephony service that may allow local escalation of privilege due to a missing permission check. This could enable an attacker to gain unauthorized access without needing to execute additional privileges, posing significant risks to system integrity and user data.

Affected Version(s)

SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 Android10/Android11/Android12

References

https://www.unisoc.com/en_us/secy/announcementDetail/1664...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
Mar 13, 2023