Lucene search

Samsung MobileCVELIST:CVE-2022-23434

HistoryFeb 11, 2022 - 5:40 p.m.

CVE-2022-23434

2022-02-1117:40:15

CWE-94

Samsung Mobile

www.cve.org

vulnerability

bixby vision

pendingintent

android s

android r

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent.

CNA Affected

[
  {
    "product": "Bixby Vision",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below",
        "status": "affected",
        "version": "-",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-23434