Lucene search

Samsung MobileCVELIST:CVE-2023-21462

HistoryMar 16, 2023 - 12:00 a.m.

CVE-2023-21462

2023-03-1600:00:00

CWE-215

Samsung Mobile

www.cve.org

vulnerability

quick share agent

android

sensitive info exposure

mac address

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local attacker to access MAC address without related permission.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Quick Share Agent",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "3.5.14.18 in Android 12 and 3.5.16.20 in Android 13",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03