Lucene search

Samsung MobileCVELIST:CVE-2023-30677

HistoryJul 06, 2023 - 2:51 a.m.

CVE-2023-30677

2023-07-0602:51:50

Samsung Mobile

www.cve.org

samsung pass

access control

vulnerability

physical attackers

data access

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Pass",
    "versions": [
      {
        "status": "unaffected",
        "version": "4.2.03.1"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=07

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for CVELIST:CVE-2023-30677