Lucene search

SamsungMobileCVE-2024-34651

HistorySep 04, 2024 - 6:15 a.m.

CVE-2024-34651

2024-09-0406:15:14

CWE-863

SamsungMobile

web.nvd.nist.gov

improper authorization

my files

smr sep-2024

local attackers

restricted data

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.6%

JSON

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.

Affected configurations

Nvd

Node

samsungandroidMatch12.0-

samsungandroidMatch12.0smr-apr-2022-r1

samsungandroidMatch12.0smr-apr-2023-r1

samsungandroidMatch12.0smr-apr-2024-r1

samsungandroidMatch12.0smr-aug-2022-r1

samsungandroidMatch12.0smr-aug-2023-r1

samsungandroidMatch12.0smr-aug-2024-r1

samsungandroidMatch12.0smr-dec-2021-r1

samsungandroidMatch12.0smr-dec-2022-r1

samsungandroidMatch12.0smr-dec-2023-r1

samsungandroidMatch12.0smr-feb-2022-r1

samsungandroidMatch12.0smr-feb-2023-r1

samsungandroidMatch12.0smr-feb-2024-r1

samsungandroidMatch12.0smr-jan-2022-r1

samsungandroidMatch12.0smr-jan-2023-r1

samsungandroidMatch12.0smr-jan-2024-r1

samsungandroidMatch12.0smr-jul-2022-r1

samsungandroidMatch12.0smr-jul-2023-r1

samsungandroidMatch12.0smr-jul-2024-r1

samsungandroidMatch12.0smr-jun-2022-r1

samsungandroidMatch12.0smr-jun-2023-r1

samsungandroidMatch12.0smr-jun-2024-r1

samsungandroidMatch12.0smr-mar-2022-r1

samsungandroidMatch12.0smr-mar-2023-r1

samsungandroidMatch12.0smr-mar-2024-r1

samsungandroidMatch12.0smr-may-2022-r1

samsungandroidMatch12.0smr-may-2023-r1

samsungandroidMatch12.0smr-may-2024-r1

samsungandroidMatch12.0smr-nov-2021-r1

samsungandroidMatch12.0smr-nov-2022-r1

samsungandroidMatch12.0smr-nov-2023-r1

samsungandroidMatch12.0smr-oct-2022-r1

samsungandroidMatch12.0smr-oct-2023-r1

samsungandroidMatch12.0smr-sep-2022-r1

samsungandroidMatch12.0smr-sep-2023-r1

samsungandroidMatch13.0-

samsungandroidMatch13.0smr-apr-2022-r1

samsungandroidMatch13.0smr-apr-2023-r1

samsungandroidMatch13.0smr-apr-2024-r1

samsungandroidMatch13.0smr-aug-2022-r1

samsungandroidMatch13.0smr-aug-2023-r1

samsungandroidMatch13.0smr-aug-2024-r1

samsungandroidMatch13.0smr-dec-2021-r1

samsungandroidMatch13.0smr-dec-2022-r1

samsungandroidMatch13.0smr-dec-2023-r1

samsungandroidMatch13.0smr-feb-2022-r1

samsungandroidMatch13.0smr-feb-2023-r1

samsungandroidMatch13.0smr-feb-2024-r1

samsungandroidMatch13.0smr-jan-2022-r1

samsungandroidMatch13.0smr-jan-2023-r1

samsungandroidMatch13.0smr-jan-2024-r1

samsungandroidMatch13.0smr-jul-2022-r1

samsungandroidMatch13.0smr-jul-2023-r1

samsungandroidMatch13.0smr-jul-2024-r1

samsungandroidMatch13.0smr-jun-2022-r1

samsungandroidMatch13.0smr-jun-2023-r1

samsungandroidMatch13.0smr-jun-2024-r1

samsungandroidMatch13.0smr-mar-2022-r1

samsungandroidMatch13.0smr-mar-2023-r1

samsungandroidMatch13.0smr-mar-2024-r1

samsungandroidMatch13.0smr-may-2022-r1

samsungandroidMatch13.0smr-may-2023-r1

samsungandroidMatch13.0smr-may-2024-r1

samsungandroidMatch13.0smr-nov-2021-r1

samsungandroidMatch13.0smr-nov-2022-r1

samsungandroidMatch13.0smr-nov-2023-r1

samsungandroidMatch13.0smr-oct-2022-r1

samsungandroidMatch13.0smr-oct-2023-r1

samsungandroidMatch13.0smr-sep-2022-r1

samsungandroidMatch13.0smr-sep-2023-r1

samsungandroidMatch14.0-

samsungandroidMatch14.0smr-apr-2022-r1

samsungandroidMatch14.0smr-apr-2023-r1

samsungandroidMatch14.0smr-apr-2024-r1

samsungandroidMatch14.0smr-aug-2022-r1

samsungandroidMatch14.0smr-aug-2023-r1

samsungandroidMatch14.0smr-aug-2024-r1

samsungandroidMatch14.0smr-dec-2021-r1

samsungandroidMatch14.0smr-dec-2022-r1

samsungandroidMatch14.0smr-dec-2023-r1

samsungandroidMatch14.0smr-feb-2022-r1

samsungandroidMatch14.0smr-feb-2023-r1

samsungandroidMatch14.0smr-feb-2024-r1

samsungandroidMatch14.0smr-jan-2022-r1

samsungandroidMatch14.0smr-jan-2023-r1

samsungandroidMatch14.0smr-jan-2024-r1

samsungandroidMatch14.0smr-jul-2022-r1

samsungandroidMatch14.0smr-jul-2023-r1

samsungandroidMatch14.0smr-jul-2024-r1

samsungandroidMatch14.0smr-jun-2022-r1

samsungandroidMatch14.0smr-jun-2023-r1

samsungandroidMatch14.0smr-jun-2024-r1

samsungandroidMatch14.0smr-mar-2022-r1

samsungandroidMatch14.0smr-mar-2023-r1

samsungandroidMatch14.0smr-mar-2024-r1

samsungandroidMatch14.0smr-may-2022-r1

samsungandroidMatch14.0smr-may-2023-r1

samsungandroidMatch14.0smr-may-2024-r1

samsungandroidMatch14.0smr-nov-2021-r1

samsungandroidMatch14.0smr-nov-2022-r1

samsungandroidMatch14.0smr-nov-2023-r1

samsungandroidMatch14.0smr-oct-2022-r1

samsungandroidMatch14.0smr-oct-2023-r1

samsungandroidMatch14.0smr-sep-2022-r1

samsungandroidMatch14.0smr-sep-2023-r1

VendorProductVersionCPE
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-aug-2024-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*
samsungandroid12.0cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:-::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-aug-2024-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1::::::
samsung	android	12.0	cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1::::::

Rows per page:

1-10 of 1051

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Sep-2024 Release in Android 12, 13, 14"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-34651