Lucene search

Samsung MobileCVE-2023-30728

HistorySep 06, 2023 - 4:15 a.m.

CVE-2023-30728

2023-09-0604:15:16

Samsung Mobile

web.nvd.nist.gov

cve

2023

30728

intent redirection

packageinstallerchn

vulnerability

local attacker

arbitrary file

user interaction

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction.

Affected configurations

Nvd

Node

samsungpackageinstallerchnRange<13.1.03.00

VendorProductVersionCPE
samsungpackageinstallerchn*cpe:2.3:a:samsung:packageinstallerchn:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	packageinstallerchn	*	cpe:2.3:a:samsung:packageinstallerchn::::::::

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "PackageInstallerCHN ",
    "versions": [
      {
        "status": "unaffected",
        "version": " 13.1.03.00"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Related for CVE-2023-30728