Lucene search

Samsung MobileCVELIST:CVE-2023-21441

HistoryFeb 09, 2023 - 12:00 a.m.

CVE-2023-21441

2023-02-0900:00:00

CWE-345

Samsung Mobile

www.cve.org

android

data authenticity

vulnerability

local attacker

protected files

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Routine",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12)",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-21441