CVE-2023-42545
First published: Tue Nov 07 2023(Updated: )
Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Phone | <12.7.20.12 | |
| Samsung Android | =11.0 | |
| Samsung Phone | <13.1.48 | |
| Samsung Phone | >=13.5.0<13.5.28 | |
| Samsung Android | =12.0 | |
| Samsung Phone | <14.7.38 | |
| Samsung Android | =13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-42545?
CVE-2023-42545 is a vulnerability in the Phone app on Samsung devices running Android 11, 12, and 13.
What is the severity of CVE-2023-42545?
CVE-2023-42545 has a severity rating of 7.5, which is considered high.
How does CVE-2023-42545 work?
CVE-2023-42545 is caused by the use of implicit intent for sensitive communication in the Phone app, allowing attackers to access location data.
Which Samsung devices are affected by CVE-2023-42545?
Samsung devices running Android versions prior to 12.7.20.12, 13.1.48, 13.5.28, and 14.7.38 are affected by CVE-2023-42545.
How can I fix CVE-2023-42545?
To fix CVE-2023-42545, make sure to update your Samsung Phone app to version 12.7.20.12 or newer, 13.1.48 or newer, 13.5.28 or newer, or 14.7.38 or newer.
- collector/nvd-api
- agent/type
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- vendor/samsung
- canonical/samsung phone
- canonical/samsung android
- version/samsung android/11.0
- version/samsung phone/13.5.0
- version/samsung android/12.0
- version/samsung android/13.0