Lucene search

[email protected]CVE-2018-9142

HistoryMar 30, 2018 - 8:29 a.m.

CVE-2018-9142

2018-03-3008:29:00

CWE-20

[email protected]

web.nvd.nist.gov

samsung

mobile devices

vulnerability

apk

secure folder

sd card

validation.

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.4%

JSON

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

Affected configurations

NVD

Node

samsungsamsung_mobileMatch7.0

samsungsamsung_mobileMatch7.1

samsungsamsung_mobileMatch7.1.1

samsungsamsung_mobileMatch7.1.2

CPENameOperatorVersion
samsung:samsung_mobilesamsung samsung mobileeq7.0
samsung:samsung_mobilesamsung samsung mobileeq7.1
samsung:samsung_mobilesamsung samsung mobileeq7.1.1
samsung:samsung_mobilesamsung samsung mobileeq7.1.2

CPE	Name	Operator	Version
samsung:samsung_mobile	samsung samsung mobile	eq	7.0
samsung:samsung_mobile	samsung samsung mobile	eq	7.1
samsung:samsung_mobile	samsung samsung mobile	eq	7.1.1
samsung:samsung_mobile	samsung samsung mobile	eq	7.1.2

References

security.samsungmobile.com/securityUpdate.smsb

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.4%

JSON

Related for CVE-2018-9142

prion1 cvelist1 nvd1