Lucene search

Samsung MobileCVELIST:CVE-2023-30714

HistorySep 06, 2023 - 3:12 a.m.

CVE-2023-30714

2023-09-0603:12:00

Samsung Mobile

www.cve.org

improper authorization

one ui home

physical attackers

folder lock settings

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Sep-2023 Release in Selected Android 11, 12, 13 devices"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for CVELIST:CVE-2023-30714