Lucene search

Samsung MobileCVELIST:CVE-2021-25361

HistoryApr 09, 2021 - 5:35 p.m.

CVE-2021-25361

2021-04-0917:35:43

CWE-22

Samsung Mobile

www.cve.org

improper access control

stickercenter

local attackers

arbitrary files

untrusted applications

file system access

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

AI Score

8.6

Confidence

High

EPSS

Percentile

9.9%

JSON

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR APR-2021 Release 1",
        "status": "affected",
        "version": "P(9.0), Q(10.0)",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/

security.samsungmobile.com/securityUpdate.smsb

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

AI Score

8.6

Confidence

High

EPSS

Percentile

9.9%

JSON

Related for CVELIST:CVE-2021-25361