Lucene search

Samsung MobileCVE-2023-21455

HistoryMar 16, 2023 - 9:15 p.m.

CVE-2023-21455

2023-03-1621:15:11

CWE-287

Samsung Mobile

web.nvd.nist.gov

cve-2023-21455

exynos baseband

smr mar-2023 release 1

improper authorization

unencrypted message

nvd

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.

Affected configurations

Nvd

Node

samsungexynos_firmwareMatch-

AND

samsungexynosMatch-

VendorProductVersionCPE
samsungexynos_firmware-cpe:2.3:o:samsung:exynos_firmware:-:*:*:*:*:*:*:*
samsungexynos-cpe:2.3:h:samsung:exynos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	exynos_firmware	-	cpe:2.3:o:samsung:exynos_firmware:-:::::::*
samsung	exynos	-	cpe:2.3:h:samsung:exynos:-:::::::*

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Select devices using Exynos CP chipsets",
        "status": "affected",
        "lessThan": "SMR Mar-2023 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

43.4%

JSON

Related for CVE-2023-21455