History: Jun 11, 2021 - 2:45 p.m.

CVE-2021-25393

2021-06-11 14:45:22
CWE-94
Samsung Mobile
www.cve.org
improper sanitization
secsettings
local attackers
system uid data

CVSS3: 6.6

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

AI Score: 7.1
Confidence: High

EPSS: 0
Percentile: 5.1%

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices ",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR MAY-2021 Release 1",
        "status": "affected",
        "version": "Q(10.0) , R(11.0)",
        "versionType": "custom"
      }
    ]
  }
]
