Lucene search

Samsung MobileCVELIST:CVE-2023-21487

HistoryMay 04, 2023 - 12:00 a.m.

CVE-2023-21487

2023-05-0400:00:00

CWE-287

Samsung Mobile

www.cve.org

cve-2023-21487

telephony framework

access control

vulnerability

smr may-2023

local attackers

call setting

CVSS3

5.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Android 11, 12, 13",
        "status": "affected",
        "lessThan": "SMR May-2023 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

CVSS3

5.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-21487