Lucene search

Samsung MobileCVE-2021-25525

HistoryDec 08, 2021 - 3:15 p.m.

CVE-2021-25525

2021-12-0815:15:08

CWE-754

CWE-703

Samsung Mobile

web.nvd.nist.gov

cve-2021-25525

vulnerability

samsung pay

nfc

exception handling

security issue

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

24.0%

JSON

Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.

Affected configurations

Nvd

Node

samsungpayRange<4.0.65

VendorProductVersionCPE
samsungpay*cpe:2.3:a:samsung:pay:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	pay	*	cpe:2.3:a:samsung:pay::::::::

CNA Affected

[
  {
    "product": "Samsung Pay",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "4.0.65",
        "status": "affected",
        "version": "-",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

24.0%

JSON

Related for CVE-2021-25525