Lucene search

[email protected]CVE-2024-20885

HistoryJun 04, 2024 - 7:15 a.m.

CVE-2024-20885

2024-06-0407:15:46

[email protected]

web.nvd.nist.gov

cve-2024-20885

vulnerability

report

nvd

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Jun-2024 Release in Selected Android 13, 14 devices"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06

5.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-20885

nvd1 vulnrichment1 cvelist1