Lucene search

Samsung MobileCVE-2023-30725

HistorySep 06, 2023 - 4:15 a.m.

CVE-2023-30725

2023-09-0604:15:16

CWE-287

Samsung Mobile

web.nvd.nist.gov

cve-2023-30725

improper authentication

localprovider

gallery

unauthorized access

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.

Affected configurations

Nvd

Node

samsunggalleryRange<14.5.01.2

VendorProductVersionCPE
samsunggallery*cpe:2.3:a:samsung:gallery:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	gallery	*	cpe:2.3:a:samsung:gallery::::::::

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Gallery",
    "versions": [
      {
        "status": "unaffected",
        "version": "14.5.01.2"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-30725