Lucene search

[email protected]CVE-2024-20871

HistoryMay 07, 2024 - 5:15 a.m.

CVE-2024-20871

2024-05-0705:15:51

[email protected]

web.nvd.nist.gov

samsung keyboard

improper authorization

factory reset protection

4.9 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

JSON

Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Keyboard",
    "versions": [
      {
        "status": "unaffected",
        "version": "One UI 5.1.1"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2024&month=05

4.9 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

JSON

Related for CVE-2024-20871

cvelist1 nvd1