CVE-2012-6334

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."

CVSS v2.0 2.9 LOW

2.9^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html
http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:samsungdive:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:samsung:galaxy_note_2:-:::::::*
	cpe:2.3:h:samsung:galaxy_s:-:::::::*
	cpe:2.3:h:samsung:galaxy_s2:-:::::::*

History

21 Nov 2024, 01:46

Type	Values Removed	Values Added
References	~~() http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html -~~	() http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html -

Information

Published : 2012-12-31 11:50

Updated : 2024-11-21 01:46

NVD link : CVE-2012-6334

Mitre link : CVE-2012-6334

CVE.ORG link : CVE-2012-6334

JSON object : View

Products Affected

samsung

samsungdive
galaxy_s2
galaxy_s
galaxy_note_2

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-6334", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-31T11:50:28.047", "references": [{"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html", "source": "cve@mitre.org"}, {"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\""}, {"lang": "es", "value": "La funci\u00f3n \"Track My Mobile\" en el subsistema SamsungDive para Android en los dispositivos Samsung Galaxy no implementa correctamente las APIs de localizaci\u00f3n, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos proporcionar datos de localizaci\u00f3n de su elecci\u00f3n a trav\u00e9s de un \"sencillo spoofer de localizaci\u00f3n GPS com\u00fanmente disponible.\"\r\n"}], "lastModified": "2024-11-21T01:46:01.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:samsungdive:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A2FC077-4D6C-4342-9B7F-FE2AC47F736A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565"}, {"criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486"}, {"criteria": "cpe:2.3:h:samsung:galaxy_s2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "27B05798-6E5E-4DCD-810E-680DEB3BDE97"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}