CVE-2024-37573 — HIGH (8.4)

Vulnerability Description

The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInterceptor component.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

References

https://github.com/actuator/com.talkatone.android/blob/main/CVE-2024-37573

FAQ

What is CVE-2024-37573?

CVE-2024-37573 is a vulnerability with a CVSS score of 8.4 (HIGH). The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via ...

How severe is CVE-2024-37573?

CVE-2024-37573 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-37573?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.