Lucene search

K
cveMitreCVE-2018-9142
HistoryMar 30, 2018 - 8:29 a.m.

CVE-2018-9142

2018-03-3008:29:00
CWE-20
mitre
web.nvd.nist.gov
22
samsung
mobile devices
vulnerability
apk
secure folder
sd card
validation.

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

25.2%

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

Affected configurations

Nvd
Node
samsungsamsung_mobileMatch7.0
OR
samsungsamsung_mobileMatch7.1
OR
samsungsamsung_mobileMatch7.1.1
OR
samsungsamsung_mobileMatch7.1.2
VendorProductVersionCPE
samsungsamsung_mobile7.0cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*
samsungsamsung_mobile7.1cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*
samsungsamsung_mobile7.1.1cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*
samsungsamsung_mobile7.1.2cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

25.2%

Related for CVE-2018-9142