Lucene search

Samsung MobileCVELIST:CVE-2022-39879

HistoryNov 09, 2022 - 12:00 a.m.

CVE-2022-39879

2022-11-0900:00:00

CWE-285

Samsung Mobile

www.cve.org

improper authorization

callbgprovider

smr nov-2022

local attacker

permission

phone uid

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "R(11), S(12)",
        "status": "affected",
        "lessThan": "SMR Nov-2022 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-39879