Lucene search

SamsungMobileCVELIST:CVE-2023-42571

HistoryDec 05, 2023 - 2:44 a.m.

CVE-2023-42571

2023-12-0502:44:28

SamsungMobile

www.cve.org

cve-2023-42571

abuse of remote unlock

find my mobile

samsung account

sms verification

device security

7.6 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Find My Mobile",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.3.13.4"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12

7.6 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVELIST:CVE-2023-42571