Lucene search

Samsung MobileCVELIST:CVE-2023-21486

HistoryMay 04, 2023 - 12:00 a.m.

CVE-2023-21486

2023-05-0400:00:00

CWE-926

Samsung Mobile

www.cve.org

vulnerability

imagepreviewactivity

call settings

smr may-2023 release

physical attackers

media data

sandbox

5.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Android 11, 12, 13",
        "status": "affected",
        "lessThan": "SMR May-2023 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

5.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for CVELIST:CVE-2023-21486