Lucene search

[email protected]NVD:CVE-2018-16269

HistoryJan 22, 2020 - 1:15 p.m.

CVE-2018-16269

2020-01-2213:15:10

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

69.6%

JSON

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Affected configurations

Nvd

Node

samsunggalaxy_gear_firmwareRange<re2

AND

samsunggalaxy_gearMatch-

Node

samsunggear_2_firmwareRange<re2

AND

samsunggear_2Match-

Node

samsunggear_live_firmwareRange<re2

AND

samsunggear_liveMatch-

Node

samsunggear_s_firmwareRange<re2

AND

samsunggear_sMatch-

Node

samsunggear_s2_firmwareRange<re2

AND

samsunggear_s2Match-

Node

samsunggear_s3_firmwareRange<re2

AND

samsunggear_s3Match-

Node

samsunggear_sport_firmwareRange<re2

AND

samsunggear_sportMatch-

Node

samsunggear_fit_firmwareRange<re2

AND

samsunggear_fitMatch-

Node

samsunggear_fit_2_firmwareRange<re2

AND

samsunggear_fit_2Match-

Node

samsunggear_fit_2_pro_firmwareRange<re2

AND

samsunggear_fit_2_proMatch-

VendorProductVersionCPE
samsunggalaxy_gear_firmware*cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*
samsunggalaxy_gear-cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*
samsunggear_2_firmware*cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*
samsunggear_2-cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*
samsunggear_live_firmware*cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*
samsunggear_live-cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*
samsunggear_s_firmware*cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*
samsunggear_s-cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*
samsunggear_s2_firmware*cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*
samsunggear_s2-cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	galaxy_gear_firmware	*	cpe:2.3:o:samsung:galaxy_gear_firmware::::::::
samsung	galaxy_gear	-	cpe:2.3:h:samsung:galaxy_gear:-:::::::*
samsung	gear_2_firmware	*	cpe:2.3:o:samsung:gear_2_firmware::::::::
samsung	gear_2	-	cpe:2.3:h:samsung:gear_2:-:::::::*
samsung	gear_live_firmware	*	cpe:2.3:o:samsung:gear_live_firmware::::::::
samsung	gear_live	-	cpe:2.3:h:samsung:gear_live:-:::::::*
samsung	gear_s_firmware	*	cpe:2.3:o:samsung:gear_s_firmware::::::::
samsung	gear_s	-	cpe:2.3:h:samsung:gear_s:-:::::::*
samsung	gear_s2_firmware	*	cpe:2.3:o:samsung:gear_s2_firmware::::::::
samsung	gear_s2	-	cpe:2.3:h:samsung:gear_s2:-:::::::*

Rows per page:

1-10 of 201

References

media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

69.6%

JSON

Related for NVD:CVE-2018-16269

prion1 cvelist1 cve1