Lucene search

[email protected]CVE-2024-20837

HistoryMar 05, 2024 - 5:15 a.m.

CVE-2024-20837

2024-03-0505:15:11

[email protected]

web.nvd.nist.gov

cve-2024-20837

samsung internet

security vulnerability

permission granting

local attackers

twa webapps

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Internet",
    "versions": [
      {
        "status": "unaffected",
        "version": "24.0.0.41"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03