CVE-2023-27654

9.8 CRITICAL

📋 TL;DR

This vulnerability in WHO app versions 1.0.28, 1.0.30, and 1.0.32 allows attackers to escalate privileges via the TTMultiProvider component. Attackers could gain elevated access to perform unauthorized actions within the app. Users of these specific WHO app versions on Android are affected.

💻 Affected Systems

Products:
  • WHO app
Versions: 1.0.28, 1.0.30, 1.0.32
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific versions of the WHO app available on Google Play Store.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of app functionality, unauthorized access to user data, and potential device takeover if combined with other vulnerabilities.

🟠 Likely Case

Unauthorized access to app features and user data, manipulation of app settings, and potential financial or privacy impact.

🟢 If Mitigated

Limited impact with proper app sandboxing and minimal permissions, though some app-specific data could still be compromised.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the device and the vulnerable app installed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.0.32

Vendor Advisory: https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27654/CVE%20detail.md

Restart Required: Yes

Instructions:

1. Open Google Play Store
2. Search for 'WHO' app
3. Check current version
4. If version is 1.0.28, 1.0.30, or 1.0.32, update to latest version
5. Restart device after update

🔧 Temporary Workarounds

Uninstall vulnerable app (android)

Remove the vulnerable WHO app version from the device:

adb uninstall com.scorp.who

Restrict app permissions (android)

Limit the app's permissions to the minimum required for it to function

🧯 If You Can't Patch

  • Uninstall the WHO app completely
  • Use alternative secure communication apps

🔍 How to Verify

Check if Vulnerable:

Check app version in Settings > Apps > WHO > App info

Check Version:

adb shell dumpsys package com.scorp.who | grep versionName

Verify Fix Applied:

Verify app version is higher than 1.0.32 in Google Play Store
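The check above can be scripted so the dumpsys output is parsed rather than read by eye. The following POSIX shell script is an added example and is not part of this advisory or of the SODA repository it links to; it assumes only that `adb shell dumpsys package com.scorp.who` prints a `versionName=` line (standard Android dumpsys behaviour) and uses a constructed sample of that output so it runs offline.

```shell
#!/bin/sh
# Added example: classify the installed WHO app (com.scorp.who) versionName
# against the versions listed as affected by CVE-2023-27654.
# On a real device, pipe the live output into version_from_dumpsys:
#   adb shell dumpsys package com.scorp.who | version_from_dumpsys

# Versions named in the advisory.
AFFECTED_VERSIONS="1.0.28 1.0.30 1.0.32"

# Read dumpsys output on stdin and print the first versionName value.
# dumpsys prints a line of the form "    versionName=1.0.30".
version_from_dumpsys() {
    sed -n 's/^[[:space:]]*versionName=//p' | head -n 1
}

# Exit status 0 (true) when the given version is one of the affected versions.
is_affected_version() {
    v="$1"
    for a in $AFFECTED_VERSIONS; do
        [ "$v" = "$a" ] && return 0
    done
    return 1
}

# Print VULNERABLE for an affected version, NOT_LISTED otherwise.
# NOT_LISTED deliberately does not claim "fixed": the advisory only states
# that versions after 1.0.32 carry the fix, so compare against that yourself.
verdict() {
    if is_affected_version "$1"; then
        echo "VULNERABLE"
    else
        echo "NOT_LISTED"
    fi
}

# Constructed sample of dumpsys output (not captured from a real device).
SAMPLE_DUMPSYS='Packages:
  Package [com.scorp.who] (1a2b3c4):
    versionCode=30 minSdk=21 targetSdk=33
    versionName=1.0.30
    splits=[base]'

# Run with --demo to see the parser and classifier applied to the sample.
if [ "${1:-}" = "--demo" ]; then
    v=$(printf '%s\n' "$SAMPLE_DUMPSYS" | version_from_dumpsys)
    echo "com.scorp.who versionName=$v -> $(verdict "$v")"
fi
```

Run it as `sh check_who.sh --demo` to exercise the sample, or replace the sample with the live dumpsys pipe to check a connected device; a `VULNERABLE` verdict means the installed build is one of the three versions named in this advisory.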

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission requests from WHO app
  • Suspicious activity in app logs

Network Indicators:

  • Unexpected network traffic from WHO app

SIEM Query:

app.name:"WHO" AND (version:"1.0.28" OR version:"1.0.30" OR version:"1.0.32")

The version terms must be grouped in parentheses; without them AND binds more tightly than OR, and the query would also match any app at version 1.0.30 or 1.0.32.
