CVE-2023-38440 - Vulnerability Details

Vendors	Products
Google	Android
Unisoc	Sc7731e Sc9832e Sc9863a T606 T610 T612 T616 T618

Link	Providers
https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38440", "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "state": "PUBLISHED", "assignerShortName": "Unisoc", "dateReserved": "2023-07-18T07:24:19.585Z", "datePublished": "2023-09-04T01:16:02.966Z", "dateUpdated": "2024-10-02T14:41:42.799Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc", "dateUpdated": "2023-09-04T01:16:02.966Z"}, "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}], "affected": [{"defaultStatus": "unaffected", "product": "SC7731E/SC9832E/SC9863A/T606/T612/T616/T610/T618", "versions": [{"version": "Android10/Android11/Android9", "status": "affected"}], "vendor": "Unisoc (Shanghai) Technologies Co., Ltd."}], "descriptions": [{"lang": "en", "value": "In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.620Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T14:41:29.494921Z", "id": "CVE-2023-38440", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:41:42.799Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-38440 (string)

assignerOrgId : 63f92e9c-2193-4c24-98a9-93640392c3d3 (string)

state : PUBLISHED (string)

assignerShortName : Unisoc (string)

dateReserved : 2023-07-18T07:24:19.585Z (string)

datePublished : 2023-09-04T01:16:02.966Z (string)

dateUpdated : 2024-10-02T14:41:42.799Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 63f92e9c-2193-4c24-98a9-93640392c3d3 (string)

shortName : Unisoc (string)

dateUpdated : 2023-09-04T01:16:02.966Z (string)

}

references : [ »

0 : { »

url : https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434 (string)

}

]

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : SC7731E/SC9832E/SC9863A/T606/T612/T616/T610/T618 (string)

versions : [ »

0 : { »

version : Android10/Android11/Android9 (string)

status : affected (string)

}

]

vendor : Unisoc (Shanghai) Technologies Co., Ltd. (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:39:13.620Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-02T14:41:29.494921Z (string)

id : CVE-2023-38440 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-02T14:41:42.799Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.620Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38440", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T14:41:29.494921Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:41:37.179Z"}}], "cna": {"affected": [{"vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "product": "SC7731E/SC9832E/SC9863A/T606/T612/T616/T610/T618", "versions": [{"status": "affected", "version": "Android10/Android11/Android9"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}], "descriptions": [{"lang": "en", "value": "In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges"}], "providerMetadata": {"orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc", "dateUpdated": "2023-09-04T01:16:02.966Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38440", "state": "PUBLISHED", "dateUpdated": "2024-10-02T14:41:42.799Z", "dateReserved": "2023-07-18T07:24:19.585Z", "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "datePublished": "2023-09-04T01:16:02.966Z", "assignerShortName": "Unisoc"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:39:13.620Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-38440 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-02T14:41:29.494921Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-02T14:41:37.179Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : Unisoc (Shanghai) Technologies Co., Ltd. (string)

product : SC7731E/SC9832E/SC9863A/T606/T612/T616/T610/T618 (string)

versions : [ »

0 : { »

status : affected (string)

version : Android10/Android11/Android9 (string)

}

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges (string)

}

]

providerMetadata : { »

orgId : 63f92e9c-2193-4c24-98a9-93640392c3d3 (string)

shortName : Unisoc (string)

dateUpdated : 2023-09-04T01:16:02.966Z (string)

}

cveMetadata : { »

cveId : CVE-2023-38440 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-02T14:41:42.799Z (string)

dateReserved : 2023-07-18T07:24:19.585Z (string)

assignerOrgId : 63f92e9c-2193-4c24-98a9-93640392c3d3 (string)

datePublished : 2023-09-04T01:16:02.966Z (string)

assignerShortName : Unisoc (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*", "matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*", "matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*", "matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*", "matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709", "vulnerable": false}, {"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*", "matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges"}, {"lang": "es", "value": "En vowifiservice, es posible que falte una comprobaci\u00f3n de permisos, lo que podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin privilegios de ejecuci\u00f3n adicionales. "}], "id": "CVE-2023-38440", "lastModified": "2024-11-21T08:13:34.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-04T02:15:08.677", "references": [{"source": "security@unisoc.com", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434"}], "sourceIdentifier": "security@unisoc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 109DD7FD-3A48-4C3D-8E1A-4433B98E1E64 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:* (string)

matchCriteriaId : AC867249-B767-4802-868D-6D0E356C8294 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 25BBD3C5-E87C-4730-970C-19DF855AC3A2 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DE00DFDE-97DD-4D33-B580-73FEF677C71B (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 905E39DD-7948-40A4-B042-EBB9A9591347 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CDC980D6-B797-4AE1-B553-35395AE80D07 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 98408A48-561A-49D1-967F-834311742B7F (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 756E5850-CDC7-46C2-BAFC-1E2A359A2709 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 39002ECE-636A-4FEB-9A0B-8127E8AAC844 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges (string)

}

1 : { »

lang : es (string)

value : En vowifiservice, es posible que falte una comprobación de permisos, lo que podría dar lugar a la divulgación de información local sin privilegios de ejecución adicionales. (string)

}

]

id : CVE-2023-38440 (string)

lastModified : 2024-11-21T08:13:34.803 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-09-04T02:15:08.677 (string)

references : [ »

0 : { »

source : security@unisoc.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1698296481653522434 (string)

}

]

sourceIdentifier : security@unisoc.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-862 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object