Lucene search

Samsung MobileCVELIST:CVE-2022-28789

HistoryMay 03, 2022 - 7:42 p.m.

CVE-2022-28789

2022-05-0319:42:17

CWE-862

Samsung Mobile

www.cve.org

voice note

unauthorized access

user interaction

patch

permission.

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.

CNA Affected

[
  {
    "product": "Voice Note",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "21.3.51.11",
        "status": "affected",
        "version": "-",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-28789