Lucene search

Samsung MobileCVELIST:CVE-2023-21502

HistoryMay 04, 2023 - 12:00 a.m.

CVE-2023-21502

2023-05-0400:00:00

CWE-20

Samsung Mobile

www.cve.org

input validation

factorytest application

smr may-2023

privilege escalation

local attackers

5.7 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

0.0004 Low

EPSS

Percentile

5.1%

JSON

Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Android 12, 13",
        "status": "affected",
        "lessThan": "SMR May-2023 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

5.7 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-21502