Description
A certain software build for the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys) leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "persist.sys.verizon_test_plan_imei" system property to indirectly obtain the IMEI and reads the "persist.sys.verizon_test_plan_iccid" system property to obtain the ICCID.
INFO
Published Date :
2024-04-22T00:00:00.000Z
Last Modified :
2024-08-02T17:39:12.682Z
Source :
mitre
AFFECTED PRODUCTS
The following products are affected by CVE-2023-38300 vulnerability.
| Vendors | Products |
|---|---|
| Orbic |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2023-38300.