CVE-2023-42468 - Unspecified vulnerability in Azmobileapps Color Phone 2.1.82
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.
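A defender-side check for the condition described in the summary, as an added example that is not part of the advisory or the application's code: it scans a decoded AndroidManifest.xml for exported activities that accept android.intent.action.CALL without an android:permission guard. The manifest text is constructed for illustration (the advisory does not reproduce the real one), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
CALL_ACTION = "android.intent.action.CALL"

def is_exported(component):
    """Explicit android:exported wins; before Android 12 a component with an
    intent-filter and no explicit value defaulted to exported."""
    flag = component.get(ANDROID + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return component.find("intent-filter") is not None

def unguarded_call_handlers(manifest_xml):
    """Return names of exported activities that accept ACTION_CALL and are not
    protected by android:permission on the component or on <application>."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for app in root.iter("application"):
        app_perm = app.get(ANDROID + "permission")
        for comp in list(app.iter("activity")) + list(app.iter("activity-alias")):
            actions = {a.get(ANDROID + "name") for a in comp.iter("action")}
            guarded = comp.get(ANDROID + "permission") or app_perm
            if CALL_ACTION in actions and is_exported(comp) and not guarded:
                findings.append(comp.get(ANDROID + "name"))
    return findings

# Constructed manifest (assumption): only the package and component names come from the advisory.
VULNERABLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.cutestudio.colordialer">
  <application>
    <activity android:name="com.cutestudio.dialer.activities.DialerActivity"
              android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.CALL"/>
        <data android:scheme="tel"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

# Same component, but callers must themselves hold CALL_PHONE to start it.
HARDENED = VULNERABLE.replace(
    'android:exported="true"',
    'android:exported="true" android:permission="android.permission.CALL_PHONE"')

if __name__ == "__main__":
    print("vulnerable:", unguarded_call_handlers(VULNERABLE))
    print("hardened:  ", unguarded_call_handlers(HARDENED))
```

Setting android:exported="false" on the activity also clears the finding when no other application needs to start it.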
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
References
- https://github.com/actuator/com.cutestudio.colordialer/blob/main/CWE-284.md
- https://github.com/actuator/com.cutestudio.colordialer/blob/main/dial.gif
- https://github.com/actuator/com.cutestudio.colordialer/blob/main/dialerPOC.apk
- https://github.com/actuator/cve/blob/main/CVE-2023-42468