Main Vulnerability Database Vulnerabilities #VU49851

#VU49851 Information disclosure in Mocha

Published: January 20, 2021

Vulnerability identifier: #VU49851

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mocha

Software vendor:
Viettel Media Inc.

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to deisgn errors during implementation of the app. A remote attacker can send specially crafted SDP messages to the affected device while the victim is trying to make a voice or video call and intercept video and audio fragments from the victim's phone before the call is accepted by the callee.

Remediation

Install updates from vendor's website.

External links

https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/
https://bugs.chromium.org/p/project-zero/issues/detail?id=2064&q=mocha&can=1

#VU49851 Information disclosure in Mocha

Description

Remediation

External links

Please verify you're human