Missing Permission Check in Telephony Service from Unisoc Product
CVE-2023-42717

7.5HIGH

Key Information:

Vendor: Unisoc
Status: SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
Vendor: CVE Published:; 4 December 2023

Summary

A potential security vulnerability exists within the telephony service of Unisoc products due to a missing permission check. This oversight can result in the unauthorized disclosure of sensitive information remotely, without requiring any additional execution privileges. Organizations using affected products should take immediate steps to assess their exposure and apply necessary mitigations.

Affected Version(s)

SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 Android11/Android12

References

https://www.unisoc.com/en_us/secy/announcementDetail/http...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2023
Vulnerability Reserved
Sep 13, 2023