Lucene search

Samsung MobileCVELIST:CVE-2023-30706

HistorySep 06, 2023 - 3:11 a.m.

CVE-2023-30706

2023-09-0603:11:52

Samsung Mobile

www.cve.org

samsung keyboard

cve-2023-30706

vulnerability

sep-2023

release 1

improper authorization

arbitrary file

system privilege

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.3%

JSON

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Sep-2023 Release in Android 12"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for CVELIST:CVE-2023-30706