Missing Authorization in UNISOC products - CVE-2022-44439
Published: January 6, 2023
Vulnerability identifier: #VU70758
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-44439
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: UNISOC
Affected software:
SC9863A
SC9832E
SC7731E
T610
T310
T606
T760
T618
T612
T616
T770
T820
S8000
SC9863A
SC9832E
SC7731E
T610
T310
T606
T760
T618
T612
T616
T770
T820
S8000
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.
How to mitigate CVE-2022-44439
Install security update from vendor's website.