Lucene search

SamsungMobileCVELIST:CVE-2024-34642

HistorySep 04, 2024 - 5:32 a.m.

CVE-2024-34642

2024-09-0405:32:25

SamsungMobile

www.cve.org

improper authorization

one ui home

physical attackers

sensitive information

temporary access

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.4%

JSON

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Sep-2024 Release in Android 12, 13, 14"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2024-34642