CVE-2022-23835
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk."
SSVC
- Decision: -
Timeline
- 2022-01-21 CVE Reserved
- 2022-02-25 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-11-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
References (2)
URL | Tag | Source |
---|---|---|
https://www.kb.cert.org/vuls/id/383864 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://gitlab.com/kop316/vvm-disclosure | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Visual Voice Mail Project | Visual Voice Mail | <= 2022-02-24 | android | Affected |