CVE-2022-23835 Information
Jun 07, 2022
cve
Description
DISPUTED The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited in addition to new ones.) NOTE: some vendors characterize this as not a ## CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.kb.cert.org/vuls/id/383864 https://gitlab.com/kop316/vvm-disclosure
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.1
Share on: