Lucene search

Samsung MobileCVE-2023-21432

HistoryFeb 09, 2023 - 7:15 p.m.

CVE-2023-21432

2023-02-0919:15:15

CWE-285

Samsung Mobile

web.nvd.nist.gov

cve-2023-21432

smart things

access control

vulnerability

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.

Affected configurations

Nvd

Node

samsungsmart_thingsRange<1.7.93

VendorProductVersionCPE
samsungsmart_things*cpe:2.3:a:samsung:smart_things:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	smart_things	*	cpe:2.3:a:samsung:smart_things::::::::

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Smart Things",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "1.7.93",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-21432