Lucene search

MitreCVE-2023-37377

HistorySep 08, 2023 - 3:15 a.m.

CVE-2023-37377

2023-09-0803:15:08

CWE-125

mitre

web.nvd.nist.gov

samsung

exynos

mobile processor

wearable processor

cve-2023-37377

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.

Affected configurations

Nvd

Node

samsungexynos_980_firmwareMatch-

AND

samsungexynos_980Match-

Node

samsungexynos_850_firmwareMatch-

AND

samsungexynos_850Match-

Node

samsungexynos_2100_firmwareMatch-

AND

samsungexynos_2100Match-

Node

samsungexynos_w920_firmwareMatch-

AND

samsungexynos_w920Match-

VendorProductVersionCPE
samsungexynos_980_firmware-cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*
samsungexynos_980-cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*
samsungexynos_850_firmware-cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*
samsungexynos_850-cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*
samsungexynos_2100_firmware-cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*
samsungexynos_2100-cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*
samsungexynos_w920_firmware-cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*
samsungexynos_w920-cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	exynos_980_firmware	-	cpe:2.3:o:samsung:exynos_980_firmware:-:::::::*
samsung	exynos_980	-	cpe:2.3:h:samsung:exynos_980:-:::::::*
samsung	exynos_850_firmware	-	cpe:2.3:o:samsung:exynos_850_firmware:-:::::::*
samsung	exynos_850	-	cpe:2.3:h:samsung:exynos_850:-:::::::*
samsung	exynos_2100_firmware	-	cpe:2.3:o:samsung:exynos_2100_firmware:-:::::::*
samsung	exynos_2100	-	cpe:2.3:h:samsung:exynos_2100:-:::::::*
samsung	exynos_w920_firmware	-	cpe:2.3:o:samsung:exynos_w920_firmware:-:::::::*
samsung	exynos_w920	-	cpe:2.3:h:samsung:exynos_w920:-:::::::*

References

semiconductor.samsung.com/support/quality-support/product-security-updates/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

Related for CVE-2023-37377