Lucene search

Samsung MobileCVELIST:CVE-2021-25392

HistoryJun 11, 2021 - 2:45 p.m.

CVE-2021-25392

2021-06-1114:45:22

CWE-200

Samsung Mobile

www.cve.org

samsung dex

smr may-2021

backup configuration

local attackers

sensitive information

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices ",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR MAY-2021 Release 1",
        "status": "affected",
        "version": "P(9.0), Q(10.0) , R(11.0)",
        "versionType": "custom"
      }
    ]
  }
]

References

blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/

security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-25392