Lucene search
SamsungMobileCVE-2024-34639HistorySep 04, 2024 - 6:15 a.m.
CVE-2024-34639
2024-09-0406:15:11
CWE-755
SamsungMobile
web.nvd.nist.gov
22
improper handling
setupwizard
smr aug-2024
physical attackers
validation bypass
CVSS3
4.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
16.4%
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
Affected configurations
Node
samsungandroidMatch12.0-
ORsamsungandroidMatch12.0smr-apr-2022-r1
ORsamsungandroidMatch12.0smr-apr-2023-r1
ORsamsungandroidMatch12.0smr-aug-2022-r1
ORsamsungandroidMatch12.0smr-dec-2021-r1
ORsamsungandroidMatch12.0smr-dec-2022-r1
ORsamsungandroidMatch12.0smr-feb-2022-r1
ORsamsungandroidMatch12.0smr-feb-2023-r1
ORsamsungandroidMatch12.0smr-jan-2022-r1
ORsamsungandroidMatch12.0smr-jan-2023-r1
ORsamsungandroidMatch12.0smr-jul-2022-r1
ORsamsungandroidMatch12.0smr-jul-2023-r1
ORsamsungandroidMatch12.0smr-jun-2022-r1
ORsamsungandroidMatch12.0smr-jun-2023-r1
ORsamsungandroidMatch12.0smr-mar-2022-r1
ORsamsungandroidMatch12.0smr-mar-2023-r1
ORsamsungandroidMatch12.0smr-may-2022-r1
ORsamsungandroidMatch12.0smr-may-2023-r1
ORsamsungandroidMatch12.0smr-nov-2021-r1
ORsamsungandroidMatch12.0smr-nov-2022-r1
ORsamsungandroidMatch12.0smr-oct-2022-r1
ORsamsungandroidMatch12.0smr-sep-2022-r1
ORsamsungandroidMatch13.0-
ORsamsungandroidMatch13.0smr-apr-2023-r1
ORsamsungandroidMatch13.0smr-dec-2022-r1
ORsamsungandroidMatch13.0smr-feb-2023-r1
ORsamsungandroidMatch13.0smr-jan-2023-r1
ORsamsungandroidMatch13.0smr-jul-2023-r1
ORsamsungandroidMatch13.0smr-jun-2023-r1
ORsamsungandroidMatch13.0smr-mar-2023-r1
ORsamsungandroidMatch13.0smr-may-2023-r1
ORsamsungandroidMatch13.0smr-nov-2022-r1
ORsamsungandroidMatch13.0smr-oct-2022-r1
ORsamsungandroidMatch14.0smr-apr-2024-r1
ORsamsungandroidMatch14.0smr-feb-2024-r1
ORsamsungandroidMatch14.0smr-jan-2024-r1
ORsamsungandroidMatch14.0smr-jul-2024-r1
ORsamsungandroidMatch14.0smr-jun-2024-r1
ORsamsungandroidMatch14.0smr-mar-2024-r1
ORsamsungandroidMatch14.0smr-may-2024-r1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:* |
| samsung | android | 12.0 | cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"versions": [
{
"status": "unaffected",
"version": "SMR Aug-2024 Release in Android 14"
}
],
"defaultStatus": "affected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-34639
2024-09-04 05:32:21
nvd
nvd
CVE-2024-34639
2024-09-04 06:15:11
cvelist
cvelist
CVE-2024-34639
2024-09-04 05:32:21
CVSS3
4.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
16.4%
Related for CVE-2024-34639