Missing Permission Check in Unisoc Email Service
CVE-2023-30915

5.5MEDIUM

Key Information:

Vendor: Unisoc (shanghai) Technologies Co., Ltd.
Status: Sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8000
Vendor: CVE Published:; 6 June 2023

🔔 Create Unisoc (shanghai) Technologies Co., Ltd. Vulnerability Alert

What is CVE-2023-30915?

A security weakness in Unisoc's email service has been identified, where a missing permission check allows for potential local information disclosure. This vulnerability may expose sensitive information without the need for additional execution privileges, posing a risk to data confidentiality. Users are advised to apply the necessary patches to safeguard against unauthorized data access.

Affected Version(s)

SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 Android10/Android11/Android12

References

https://www.unisoc.com/en_us/secy/announcementDetail/1664...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
Apr 21, 2023