Vulnerability Description
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | >= 4.1.1, <= 4.4.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.htmExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2014/Jul/13ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/68415Third Party AdvisoryVDB Entry
- https://curesec.com/blog/article/blog/35.htmlExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94423Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.htmExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2014/Jul/13ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/68415Third Party AdvisoryVDB Entry
- https://curesec.com/blog/article/blog/35.htmlExploitThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94423Third Party AdvisoryVDB Entry
FAQ
What is CVE-2013-6272?
CVE-2013-6272 is a vulnerability with a CVSS score of 7.8 (HIGH). The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls...
How severe is CVE-2013-6272?
CVE-2013-6272 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6272?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.