Published:2024/02/14 Last Updated:2024/02/14
JVNVU#93381734
Android App "Mopria Print Service" vulnerable to improper intent handling
Overview
Android App "Mopria Print Service" is vulnerable to improper intent handling.
Products Affected
- Mopria Print Service prior to version 2.17
Description
Android app "Mopria Print Service" provided by Mopria Alliance is vulnerable to improper intent handling (CWE-668).
Impact
When a malicious app is installed on the victim user's Android device, the app may send an intent to the affected app to retrieve sensitive information.
Solution
Update the Application
Update the application to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Mopria Alliance | Print From Android |
| Mopria Print Service (Google Play) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score:
5.5
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Comment
The analysis assumes that a victim user is tricked into installing a malicious app on the device.
Credit
Johan Francsics reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2024-25555 |
| JVN iPedia |
|