Lucene search

Samsung MobileCVELIST:CVE-2023-21425

HistoryFeb 09, 2023 - 12:00 a.m.

CVE-2023-21425

2023-02-0900:00:00

CWE-287

Samsung Mobile

www.cve.org

access control

telecom application

smr jan-2023

local attackers

sensitive information

CVSS3

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Q(10), R(11), S(12), T(13)",
        "status": "affected",
        "lessThan": "SMR Jan-2023 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01

CVSS3

4.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-21425