Lucene search

[email protected]CVE-2016-7991

HistoryOct 31, 2016 - 10:59 a.m.

CVE-2016-7991

2016-10-3110:59:08

CWE-388

[email protected]

web.nvd.nist.gov

samsung

galaxy

omacp

vulnerability

wap push

sms

unauthorized

config changes

nvd

cve-2016-7991

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

On Samsung Galaxy S4 through S7 devices, the “omacp” app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.

Affected configurations

NVD

Node

googleandroidMatch4.2.2

googleandroidMatch4.3

googleandroidMatch4.3.1

googleandroidMatch4.4

googleandroidMatch4.4.1

googleandroidMatch4.4.2

googleandroidMatch4.4.3

googleandroidMatch4.4.4

googleandroidMatch5.0

googleandroidMatch5.0.1

googleandroidMatch5.0.2

googleandroidMatch5.1

googleandroidMatch5.1.0

googleandroidMatch5.1.1

googleandroidMatch6.0

googleandroidMatch6.0.1

AND

samsunggalaxy_s4Match-

samsunggalaxy_s4_miniMatch-

samsunggalaxy_s5Match-

samsunggalaxy_s6Match-

samsunggalaxy_s7Match-

CPENameOperatorVersion
google:androidgoogle androideq4.2.2
google:androidgoogle androideq4.3
google:androidgoogle androideq4.3.1
google:androidgoogle androideq4.4
google:androidgoogle androideq4.4.1
google:androidgoogle androideq4.4.2
google:androidgoogle androideq4.4.3
google:androidgoogle androideq4.4.4
google:androidgoogle androideq5.0
google:androidgoogle androideq5.0.1

CPE	Name	Operator	Version
google:android	google android	eq	4.2.2
google:android	google android	eq	4.3
google:android	google android	eq	4.3.1
google:android	google android	eq	4.4
google:android	google android	eq	4.4.1
google:android	google android	eq	4.4.2
google:android	google android	eq	4.4.3
google:android	google android	eq	4.4.4
google:android	google android	eq	5.0
google:android	google android	eq	5.0.1

Rows per page:

1-10 of 161

References

security.samsungmobile.com/smrupdate.html#SMR-AUG-2016

www.securityfocus.com/bid/94088

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for CVE-2016-7991

cvelist1 prion1 nvd1