CVE-2023-29727

9.8 CRITICAL

📋 TL;DR

CVE-2023-29727 is a critical vulnerability in Call Blocker 6.6.3 for Android that allows unauthorized applications to delete privacy-related data from the app's database. This enables attackers to disrupt the app's normal functionality and potentially escalate privileges. Only Android users with the vulnerable version of Call Blocker installed are affected.

💻 Affected Systems

Products:
  • Call Blocker for Android
Versions: 6.6.3
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android devices with the vulnerable version installed. The vulnerability is in the app's exposed components that improperly handle database access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of call blocking functionality, exposure of privacy settings, and potential privilege escalation allowing further system compromise.

🟠 Likely Case

Disruption of call blocking features, loss of user-configured block lists, and privacy settings being reset or deleted.

🟢 If Mitigated

Minimal impact if app is updated or removed, with only temporary service disruption.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a malicious app to be installed on the same device. The exposed components allow any app to interact with Call Blocker's database without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.6.4 or later

Vendor Advisory: https://www.call-blocker.info/

Restart Required: Yes

Instructions:

1. Open Google Play Store.
2. Search for 'Call Blocker'.
3. Update to version 6.6.4 or later.
4. Restart the app after update.

🔧 Temporary Workarounds

Uninstall vulnerable version (Android)

Remove the vulnerable app until a patched version is available:

adb uninstall com.cuiet.blockCalls

Restrict app permissions (Android)

Limit app permissions to the minimum required functionality.

🧯 If You Can't Patch

  • Uninstall the Call Blocker app immediately
  • Use Android's built-in call blocking features instead

🔍 How to Verify

Check if Vulnerable:

Check app version in Android Settings > Apps > Call Blocker > App info

Check Version:

adb shell dumpsys package com.cuiet.blockCalls | grep versionName

Verify Fix Applied:

Verify app version is 6.6.4 or higher in Google Play Store or app settings
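
The version check above can be scripted for several devices. The following is an added example, not code from the vendor or from this advisory: it parses versionName out of `dumpsys package` output and compares it with the fixed version 6.6.4. The function names, output labels and sample dumpsys text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Call Blocker install from `dumpsys package` output.
PKG="com.cuiet.blockCalls"   # package name given in the advisory
FIXED="6.6.4"                # first fixed version given in the advisory

# Pull the first versionName= value from dumpsys output on stdin.
# [^[:space:]] also drops the trailing \r some adb versions emit.
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Succeed (exit 0) only if version $1 is strictly lower than version $2.
# Fields are compared numerically, so 6.10.0 is newer than 6.6.4.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print BELOW_FIX, PATCHED or NOT_INSTALLED for dumpsys output on stdin.
# The advisory lists only 6.6.3 as affected; anything under the fixed
# version is flagged for update rather than asserted vulnerable.
classify() {
    ver=$(extract_version)
    if [ -z "$ver" ]; then
        echo "NOT_INSTALLED"
    elif version_lt "$ver" "$FIXED"; then
        echo "BELOW_FIX $ver"
    else
        echo "PATCHED $ver"
    fi
}

# Constructed sample of dumpsys output (not captured from a real device).
SAMPLE='Packages:
  Package [com.cuiet.blockCalls] (1a2b3c4):
    versionCode=663 minSdk=21 targetSdk=31
    versionName=6.6.3'

printf '%s\n' "$SAMPLE" | classify
# On a connected device: adb shell dumpsys package "$PKG" | classify
```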

📡 Detection & Monitoring

Log Indicators:

  • Unexpected database modifications in Call Blocker logs
  • Permission denial errors from other apps trying to access Call Blocker components

Network Indicators:

  • No network indicators - this is a local app vulnerability

SIEM Query:

No applicable SIEM query - this is a mobile app vulnerability
