Lucene search

[email protected]CVE-2023-42578

HistoryDec 05, 2023 - 3:15 a.m.

CVE-2023-42578

2023-12-0503:15:18

CWE-755

[email protected]

web.nvd.nist.gov

vulnerability

samsung

data store

permissions

remote access

nvd

cve-2023-42578

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.6%

JSON

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.

Affected configurations

NVD

Node

samsungcloudRange≤5.2.00.7

CPENameOperatorVersion
samsung:cloudsamsung cloudle5.2.00.7

CPE	Name	Operator	Version
samsung:cloud	samsung cloud	le	5.2.00.7

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Data Store",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.2.00.7"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.6%

JSON

Related for CVE-2023-42578

nvd1 prion1 cvelist1