Local Information Disclosure Vulnerability in Messaging by Unisoc
CVE-2023-40641
5.5MEDIUM
Summary
A vulnerability has been identified in the Messaging system developed by Unisoc that allows for local information disclosure. The flaw arises from a missing permission check, which could potentially allow unauthorized access to sensitive data without requiring any additional execution privileges. This situation raises serious security concerns as attackers might exploit this weakness to gain unwarranted access to private information.
Affected Version(s)
SC9863A Android11/Android12
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved