QwikSec

Security Database

CVE

CWE

Training

CVE-2013-6272

Published: May 2, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20140706 Conduct phonecalls on Android without the necessary permission, advisory+testapplication+exploits for testing (CVE-2013-6272 and CVE-2014-N/A)

mailing-list

x_refsource_FULLDISC

google-android-cve20136272-sec-bypass(94423)

vdb-entry

x_refsource_XF

http://packetstormsecurity.com/files/127359/Android-OS-Authorization-Missing.html

x_refsource_MISC

https://curesec.com/blog/article/blog/35.html

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.