CVE-2023-27652

low-risk
Published 2023-04-20

An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file.

Do I need to act?

-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Super Clean
Super Clean

Affected Vendors

Egostudiogroup

References (6)

Product http://www.egostudiogroup.com/
Product https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download
Exploit https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27652/CVE%20detail.md
Product http://www.egostudiogroup.com/
Product https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download
Exploit https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27652/CVE%20detail.md
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low