Lucene search

Samsung MobileCVELIST:CVE-2021-25449

HistorySep 09, 2021 - 6:03 p.m.

CVE-2021-25449

2021-09-0918:03:48

CWE-122

Samsung Mobile

www.cve.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.9%

JSON

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices ",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR Sep-2021 Release 1",
        "status": "affected",
        "version": "O(8.1), P(9.0), Q(10.0), R(11.0)",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.9%

JSON

Related for CVELIST:CVE-2021-25449