Lucene search

Samsung MobileCVELIST:CVE-2023-21456

HistoryMar 16, 2023 - 12:00 a.m.

CVE-2023-21456

2023-03-1600:00:00

CWE-22

Samsung Mobile

www.cve.org

path traversal

galaxy themes service

smr release

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

Percentile

10.5%

JSON

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Android 11, 12, 13",
        "status": "affected",
        "lessThan": "SMR Mar-2023 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

Percentile

10.5%

JSON

Related for CVELIST:CVE-2023-21456