Lucene search

Samsung MobileCVELIST:CVE-2021-25397

HistoryJun 11, 2021 - 2:45 p.m.

CVE-2021-25397

2021-06-1114:45:22

CWE-926

Samsung Mobile

www.cve.org

cve-2021-25397

telephonyui

access control

vulnerability

smr may-2021

local attackers

arbitrary files

telephony process

untrusted applications

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS

Percentile

5.1%

JSON

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices ",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR MAY-2021 Release 1",
        "status": "affected",
        "version": "P(9.0), Q(10.0), R(11.0)",
        "versionType": "custom"
      }
    ]
  }
]

References

blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/

security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-25397