Lucene search

[email protected]NVD:CVE-2016-4030

HistoryApr 13, 2017 - 4:59 p.m.

CVE-2016-4030

2017-04-1316:59:01

CWE-284

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

59.4%

JSON

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.

Affected configurations

Nvd

Node

samsunggalaxy_s6_firmwareMatchg920fxxu2coh2

AND

samsunggalaxy_s6Match-

Node

samsunggalaxy_note_3_firmwareMatchn9005xxugbob6

AND

samsunggalaxy_note_3Match-

Node

samsunggalaxy_s4_mini_firmwareMatchi9192xxubnb1

AND

samsunggalaxy_s4_miniMatch-

Node

samsunggalaxy_s4_mini_lte_firmwareMatchi9195xxucol1

AND

samsunggalaxy_s4_mini_lteMatch-

Node

samsunggalaxy_s4_firmwareMatchi9505xxuhoj2

AND

samsunggalaxy_s4Match-

VendorProductVersionCPE
samsunggalaxy_s6_firmwareg920fxxu2coh2cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*
samsunggalaxy_s6-cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*
samsunggalaxy_note_3_firmwaren9005xxugbob6cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*
samsunggalaxy_note_3-cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*
samsunggalaxy_s4_mini_firmwarei9192xxubnb1cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*
samsunggalaxy_s4_mini-cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*
samsunggalaxy_s4_mini_lte_firmwarei9195xxucol1cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*
samsunggalaxy_s4_mini_lte-cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*
samsunggalaxy_s4_firmwarei9505xxuhoj2cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*
samsunggalaxy_s4-cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	galaxy_s6_firmware	g920fxxu2coh2	cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:::::::*
samsung	galaxy_s6	-	cpe:2.3:h:samsung:galaxy_s6:-:::::::*
samsung	galaxy_note_3_firmware	n9005xxugbob6	cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:::::::*
samsung	galaxy_note_3	-	cpe:2.3:h:samsung:galaxy_note_3:-:::::::*
samsung	galaxy_s4_mini_firmware	i9192xxubnb1	cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:::::::*
samsung	galaxy_s4_mini	-	cpe:2.3:h:samsung:galaxy_s4_mini:-:::::::*
samsung	galaxy_s4_mini_lte_firmware	i9195xxucol1	cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:::::::*
samsung	galaxy_s4_mini_lte	-	cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:::::::*
samsung	galaxy_s4_firmware	i9505xxuhoj2	cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:::::::*
samsung	galaxy_s4	-	cpe:2.3:h:samsung:galaxy_s4:-:::::::*

References

www.securityfocus.com/bid/97701

github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

59.4%

JSON

Related for NVD:CVE-2016-4030

cvelist1 prion1 cve1