Lucene search

[email protected]CVE-2022-36850

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-36850

2022-09-0915:15:11

CWE-22

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-36850

path traversal

callbgprovider

smr

sep-2022 release 1

file overwrite

security vulnerability

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.

Affected configurations

NVD

Node

googleandroidMatch12.0

CPENameOperatorVersion
google:androidgoogle androideq12.0

CPE	Name	Operator	Version
google:android	google android	eq	12.0

CNA Affected

[
  {
    "product": "Samsung Mobile Devices",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR Sep-2022 Release 1",
        "status": "affected",
        "version": "S(12)",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09

Social References

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

Related for CVE-2022-36850

prion1 nvd1 cvelist1