Lucene search

Samsung MobileCVE-2022-39845

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-39845

2022-09-0915:15:14

CWE-354

Samsung Mobile

web.nvd.nist.gov

samsung kies

cve-2022-39845

integrity check

vulnerability

directory junction

local attack

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.

Affected configurations

Nvd

Node

samsungkiesRange<2.6.4.22074

VendorProductVersionCPE
samsungkies*cpe:2.3:a:samsung:kies:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	kies	*	cpe:2.3:a:samsung:kies::::::::

CNA Affected

[
  {
    "product": "Samsung Kies",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "2.6.4.22074",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09

Social References

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-39845