CVE-2024-49404

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*

History

13 Nov 2024, 00:55

Type	Values Removed	Values Added
First Time		Samsung Samsung android Samsung video Player
CWE		NVD-CWE-noinfo
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11 - Vendor Advisory
CPE		cpe:2.3:a:samsung:video_player:::::::: cpe:2.3:o:samsung:android:13.0:-:::::: cpe:2.3:o:samsung:android:14.0:-:::::: cpe:2.3:o:samsung:android:12.0:-::::::
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 4.6

06 Nov 2024, 18:17

Type	Values Removed	Values Added
Summary		(es) El control de acceso inadecuado en Samsung Video Player anterior a las versiones 7.3.29.1 en Android 12, 7.3.36.1 en Android 13 y 7.3.41.230 en Android 14 permite a atacantes físicos acceder a archivos de video de otros usuarios.

06 Nov 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-06 03:15

Updated : 2024-11-13 00:55

NVD link : CVE-2024-49404

Mitre link : CVE-2024-49404

CVE.ORG link : CVE-2024-49404

JSON object : View

Products Affected

samsung

android
video_player

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-49404", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-11-06T03:15:05.490", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users."}, {"lang": "es", "value": "El control de acceso inadecuado en Samsung Video Player anterior a las versiones 7.3.29.1 en Android 12, 7.3.36.1 en Android 13 y 7.3.41.230 en Android 14 permite a atacantes f\u00edsicos acceder a archivos de video de otros usuarios."}], "lastModified": "2024-11-13T00:55:09.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C149104-AD84-4B36-A76C-D60D3A2D4E32", "versionEndExcluding": "7.3.29.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C2DBC69-A152-4FEA-8309-91E4B931834C", "versionEndExcluding": "7.3.36.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7105C7A2-36DA-4C5E-BE5F-9A252D8662A6", "versionEndExcluding": "7.3.41.230"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}