Lucene search

Samsung MobileCVELIST:CVE-2021-25525

HistoryDec 08, 2021 - 2:20 p.m.

CVE-2021-25525

2021-12-0814:20:47

CWE-703

Samsung Mobile

www.cve.org

samsung pay

nfc vulnerability

exception handling

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L

EPSS

0.001

Percentile

24.0%

JSON

Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.

CNA Affected

[
  {
    "product": "Samsung Pay",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "4.0.65",
        "status": "affected",
        "version": "-",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:L

EPSS

0.001

Percentile

24.0%

JSON

Related for CVELIST:CVE-2021-25525