Lucene search

[email protected]CVE-2023-21447

HistoryFeb 09, 2023 - 7:15 p.m.

CVE-2023-21447

2023-02-0919:15:16

CWE-668

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-21447

improper access control

samsung cloud

vulnerability

local attackers

privilege escalation

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.

CPENameOperatorVersion
samsung:cloudsamsung cloudlt5.3.0.32
samsung:cloudsamsung cloudeq-
samsung:cloudsamsung cloudeq5.1.0.8
samsung:cloudsamsung cloudeq4.7.0.3

CPE	Name	Operator	Version
samsung:cloud	samsung cloud	lt	5.3.0.32
samsung:cloud	samsung cloud	eq	-
samsung:cloud	samsung cloud	eq	5.1.0.8
samsung:cloud	samsung cloud	eq	4.7.0.3

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-21447

prion1