Lucene search

Samsung MobileCVELIST:CVE-2022-39901

HistoryDec 08, 2022 - 12:00 a.m.

CVE-2022-39901

2022-12-0800:00:00

CWE-287

Samsung Mobile

www.cve.org

exynos baseband

improper authentication

network traffic encryption

remote attacker

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Exynos baseband ",
        "status": "affected",
        "lessThan": "SMR Dec-2022 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=12

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Related for CVELIST:CVE-2022-39901