CVE-2023-27654

moderate-risk
Published 2023-04-14

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component.

Do I need to act?

-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Who
Who
Who

Affected Vendors

Whoapp

References (6)

Exploit https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27654/CVE%20detail.md
Product https://play.google.com/store/apps/details?id=com.scorp.who
Product https://www.whoapp.live/
Exploit https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27654/CVE%20detail.md
Product https://play.google.com/store/apps/details?id=com.scorp.who
Product https://www.whoapp.live/
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 9/34 · Low