Unauthenticated Access to VoLTE Sensitive Information in unisoc Devices

CVE-2021-39635 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

ims_ex is a vendor system service used to manage VoLTE in unisoc devices，But it does not verify the caller's permissions，so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634

Learn more about our Cis Benchmark Audit For Google Android.