CVE-2021-39635

CRITICAL

Android - Unauthenticated VoLTE Information Disclosure and Call Management via ims_ex Service

Title source: llm
STIX 2.1

Description

ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634

References (1)

Core 1
Core References

Scores

CVSS v3 9.1
EPSS 0.0049
EPSS Percentile 38.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-276
Status published
Products (1)
google/android
Published Feb 11, 2022
Tracked Since Feb 18, 2026