Lucene search

[email protected]CVE-2018-16269

HistoryJan 22, 2020 - 1:15 p.m.

CVE-2018-16269

2020-01-2213:15:10

CWE-200

[email protected]

web.nvd.nist.gov

cve-2018-16269

samsung galaxy gear

tizen

firmware

d-bus

security policy

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Affected configurations

NVD

Node

samsunggalaxy_gear_firmwareRange<re2

AND

samsunggalaxy_gearMatch-

Node

samsunggear_2_firmwareRange<re2

AND

samsunggear_2Match-

Node

samsunggear_live_firmwareRange<re2

AND

samsunggear_liveMatch-

Node

samsunggear_s_firmwareRange<re2

AND

samsunggear_sMatch-

Node

samsunggear_s2_firmwareRange<re2

AND

samsunggear_s2Match-

Node

samsunggear_s3_firmwareRange<re2

AND

samsunggear_s3Match-

Node

samsunggear_sport_firmwareRange<re2

AND

samsunggear_sportMatch-

Node

samsunggear_fit_firmwareRange<re2

AND

samsunggear_fitMatch-

Node

samsunggear_fit_2_firmwareRange<re2

AND

samsunggear_fit_2Match-

Node

samsunggear_fit_2_pro_firmwareRange<re2

AND

samsunggear_fit_2_proMatch-

CPENameOperatorVersion
samsung:galaxy_gear_firmwaresamsung galaxy gear firmwareltre2

CPE	Name	Operator	Version
samsung:galaxy_gear_firmware	samsung galaxy gear firmware	lt	re2

References

media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVE-2018-16269

cvelist1 nvd1 prion1