PendingIntent Hijacking Vulnerability in Motorola Device Help (Genie) Could Allow Local Attackers to Access Files or Interact with Non-Exported Software Components Without Permission
CVE-2023-41826

5.1MEDIUM

Key Information:

Vendor: Motorola
Status: Phones
Vendor: CVE Published:; 3 May 2024

Summary

A vulnerability exists in the Motorola Device Help application, specifically a PendingIntent hijacking issue. This vulnerability allows local attackers to gain unauthorized access to sensitive files and interact with non-exported software components without proper permissions. Due to this security loophole, the potential for exploitation is significant, as local threats can leverage this flaw to compromise the integrity of the affected system.

Affected Version(s)

Phones < 2023-12-01

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 1, 2023

Credit

Sergey Toshin and Illia Khorolskyi of Oversecured (ovesecured.com)