CVE-2024-53934

{"id": "CVE-2024-53934", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}]}, "published": "2025-01-06T22:15:10.410", "references": [{"url": "https://github.com/actuator/com.windymob.callscreen.ringtone.callcolor.colorphone", "source": "cve@mitre.org"}, {"url": "https://github.com/actuator/com.windymob.callscreen.ringtone.callcolor.colorphone/blob/main/CVE-2024-53934", "source": "cve@mitre.org"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component."}, {"lang": "es", "value": "La aplicaci\u00f3n com.windymob.callscreen.ringtone.callcolor.colorphone (tambi\u00e9n conocida como Color Phone Call Screen Themes) hasta la versi\u00f3n 1.1.2 para Android permite que cualquier aplicaci\u00f3n (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n manipulada a trav\u00e9s del componente com.frovis.androidbase.call.DialerActivity."}], "lastModified": "2025-01-08T17:15:15.630", "sourceIdentifier": "cve@mitre.org"}