Lucene search

SamsungMobileCVE-2024-34654

HistorySep 04, 2024 - 6:15 a.m.

CVE-2024-34654

2024-09-0406:15:15

SamsungMobile

web.nvd.nist.gov

cve-2024-34654

improper export

android application

component

my files

smr sep-2024

local attackers

access files

privilege

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.6%

JSON

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files’ privilege.

Affected configurations

Nvd

Node

samsungandroidMatch13.0-

samsungandroidMatch13.0smr-apr-2022-r1

samsungandroidMatch13.0smr-apr-2023-r1

samsungandroidMatch13.0smr-apr-2024-r1

samsungandroidMatch13.0smr-aug-2022-r1

samsungandroidMatch13.0smr-aug-2023-r1

samsungandroidMatch13.0smr-aug-2024-r1

samsungandroidMatch13.0smr-dec-2021-r1

samsungandroidMatch13.0smr-dec-2022-r1

samsungandroidMatch13.0smr-dec-2023-r1

samsungandroidMatch13.0smr-feb-2022-r1

samsungandroidMatch13.0smr-feb-2023-r1

samsungandroidMatch13.0smr-feb-2024-r1

samsungandroidMatch13.0smr-jan-2022-r1

samsungandroidMatch13.0smr-jan-2023-r1

samsungandroidMatch13.0smr-jan-2024-r1

samsungandroidMatch13.0smr-jul-2022-r1

samsungandroidMatch13.0smr-jul-2023-r1

samsungandroidMatch13.0smr-jul-2024-r1

samsungandroidMatch13.0smr-jun-2022-r1

samsungandroidMatch13.0smr-jun-2023-r1

samsungandroidMatch13.0smr-jun-2024-r1

samsungandroidMatch13.0smr-mar-2022-r1

samsungandroidMatch13.0smr-mar-2023-r1

samsungandroidMatch13.0smr-mar-2024-r1

samsungandroidMatch13.0smr-may-2022-r1

samsungandroidMatch13.0smr-may-2023-r1

samsungandroidMatch13.0smr-may-2024-r1

samsungandroidMatch13.0smr-nov-2021-r1

samsungandroidMatch13.0smr-nov-2022-r1

samsungandroidMatch13.0smr-nov-2023-r1

samsungandroidMatch13.0smr-oct-2022-r1

samsungandroidMatch13.0smr-oct-2023-r1

samsungandroidMatch13.0smr-sep-2022-r1

samsungandroidMatch13.0smr-sep-2023-r1

samsungandroidMatch14.0-

samsungandroidMatch14.0smr-apr-2022-r1

samsungandroidMatch14.0smr-apr-2023-r1

samsungandroidMatch14.0smr-apr-2024-r1

samsungandroidMatch14.0smr-aug-2022-r1

samsungandroidMatch14.0smr-aug-2023-r1

samsungandroidMatch14.0smr-aug-2024-r1

samsungandroidMatch14.0smr-dec-2021-r1

samsungandroidMatch14.0smr-dec-2022-r1

samsungandroidMatch14.0smr-dec-2023-r1

samsungandroidMatch14.0smr-feb-2022-r1

samsungandroidMatch14.0smr-feb-2023-r1

samsungandroidMatch14.0smr-feb-2024-r1

samsungandroidMatch14.0smr-jan-2022-r1

samsungandroidMatch14.0smr-jan-2023-r1

samsungandroidMatch14.0smr-jan-2024-r1

samsungandroidMatch14.0smr-jul-2022-r1

samsungandroidMatch14.0smr-jul-2023-r1

samsungandroidMatch14.0smr-jul-2024-r1

samsungandroidMatch14.0smr-jun-2022-r1

samsungandroidMatch14.0smr-jun-2023-r1

samsungandroidMatch14.0smr-jun-2024-r1

samsungandroidMatch14.0smr-mar-2022-r1

samsungandroidMatch14.0smr-mar-2023-r1

samsungandroidMatch14.0smr-mar-2024-r1

samsungandroidMatch14.0smr-may-2022-r1

samsungandroidMatch14.0smr-may-2023-r1

samsungandroidMatch14.0smr-may-2024-r1

samsungandroidMatch14.0smr-nov-2021-r1

samsungandroidMatch14.0smr-nov-2022-r1

samsungandroidMatch14.0smr-nov-2023-r1

samsungandroidMatch14.0smr-oct-2022-r1

samsungandroidMatch14.0smr-oct-2023-r1

samsungandroidMatch14.0smr-sep-2022-r1

samsungandroidMatch14.0smr-sep-2023-r1

VendorProductVersionCPE
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-aug-2024-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*
samsungandroid13.0cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:-::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-aug-2024-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1::::::
samsung	android	13.0	cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1::::::

Rows per page:

1-10 of 701

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Sep-2024 Release in Android 13, 14"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-34654