CVE-2023-42548

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:22

Type	Values Removed	Values Added
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11 - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 5.5

21 Jan 2024, 01:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-07 08:15

Updated : 2024-11-21 08:22

NVD link : CVE-2023-42548

Mitre link : CVE-2023-42548

CVE.ORG link : CVE-2023-42548

JSON object : View

Products Affected

samsung

account

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-42548", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-11-07T08:15:21.743", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege."}, {"lang": "es", "value": "El uso de intenci\u00f3n impl\u00edcita para vulnerabilidad de comunicaci\u00f3n sensible en startMandatoryCheckActivity en Samsung Account anterior a la versi\u00f3n 14.5.00.7 permite a los atacantes acceder a archivos arbitrarios con privilegios de Samsung Account."}], "lastModified": "2024-11-21T08:22:45.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8058BFD6-B9B8-4855-8811-34119739B055", "versionEndExcluding": "14.5.00.7"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}