cvelistv5 - CVE-2016-7991

CVE-2016-7991 (GCVE-0-2016-7991)

Vulnerability from cvelistv5 – Published: 2016-10-31 10:00 – Updated: 2024-08-06 02:13

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/94088	vdb-entryx_refsource_BID
	http://security.samsungmobile.com/smrupdate.html#…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94088",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94088"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94088",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94088"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7991",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94088",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94088"
            },
            {
              "name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
              "refsource": "CONFIRM",
              "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7991",
    "datePublished": "2016-10-31T10:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49413FF7-7910-4F74-B106-C3170612CB2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C32982-095C-4628-9958-118A3D3A9CAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3CEEA22-63B4-4702-A400-01349DF0EC1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4E6353-B77A-464F-B7DE-932704003B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77125688-2CCA-4990-ABB2-551D47CB0CDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9915371-C730-41F7-B86E-7E4DE0DF5385\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"717D895C-E64D-4E0E-9F4A-9B191E6388B6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"721FDF15-999F-42C1-90C2-4708C6DB98B1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7060E1BD-9FFF-4D74-A2EE-20ABB447EA23\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9C84354-75A3-4E55-A2D0-C0783AF36B37\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F54653E7-88CD-4AA3-A2CD-BA0B116955F1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On Samsung Galaxy S4 through S7 devices, the \\\"omacp\\\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.\"}, {\"lang\": \"es\", \"value\": \"En dispositivos Samsung Galaxy S4 hasta la versi\\u00f3n S7, la aplicaci\\u00f3n \\\"omacp\\\" ignora informaci\\u00f3n de seguridad incrustada en los mensajes OMACP resultando en que mensajes WAP Push SMS remotos no solicitados son aceptados, analizados y manejados por el dispositivo, lo que lleva a cambios en la configuraci\\u00f3n no autorizados, un subconjunto de SVE-2016-6542.\"}]",
      "id": "CVE-2016-7991",
      "lastModified": "2024-11-21T02:58:51.723",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:C/A:N\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-10-31T10:59:08.147",
      "references": "[{\"url\": \"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94088\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94088\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-388\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-7991\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-10-31T10:59:08.147\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Samsung Galaxy S4 through S7 devices, the \\\"omacp\\\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.\"},{\"lang\":\"es\",\"value\":\"En dispositivos Samsung Galaxy S4 hasta la versi\u00f3n S7, la aplicaci\u00f3n \\\"omacp\\\" ignora informaci\u00f3n de seguridad incrustada en los mensajes OMACP resultando en que mensajes WAP Push SMS remotos no solicitados son aceptados, analizados y manejados por el dispositivo, lo que lleva a cambios en la configuraci\u00f3n no autorizados, un subconjunto de SVE-2016-6542.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:C/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-388\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49413FF7-7910-4F74-B106-C3170612CB2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C32982-095C-4628-9958-118A3D3A9CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3CEEA22-63B4-4702-A400-01349DF0EC1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4E6353-B77A-464F-B7DE-932704003B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77125688-2CCA-4990-ABB2-551D47CB0CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9915371-C730-41F7-B86E-7E4DE0DF5385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717D895C-E64D-4E0E-9F4A-9B191E6388B6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"721FDF15-999F-42C1-90C2-4708C6DB98B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7060E1BD-9FFF-4D74-A2EE-20ABB447EA23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C84354-75A3-4E55-A2D0-C0783AF36B37\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F54653E7-88CD-4AA3-A2CD-BA0B116955F1\"}]}]}],\"references\":[{\"url\":\"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2016-10515

Vulnerability from cnvd - Published: 2016-11-02

Title

Samsung Galaxy S4至S7设备未授权修改漏洞

Description

Samsung Galaxy S4等都是韩国三星（Samsung）公司发布的智能移动设备。 Samsung Galaxy S4至S7设备存在未授权修改漏洞。该漏洞源于程序忽略嵌入在OMACP信息中的安全信息。远程攻击者可利用该漏洞接收，解析，处理来路不明的WAP Push SMS信息，导致未授权修改配置信息。

Severity

高

Patch Name

Samsung Galaxy S4至S7设备存在未授权修改漏洞的补丁

Patch Description

Samsung Galaxy S4等都是韩国三星（Samsung）公司发布的智能移动设备。 Samsung Galaxy S4至S7设备存在未授权修改漏洞。该漏洞源于程序忽略嵌入在OMACP信息中的安全信息。远程攻击者可利用该漏洞接收，解析，处理来路不明的WAP Push SMS信息，导致未授权修改配置信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016

Reference

http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016

Impacted products

Name
Samsung Galaxy >=s4，<=s7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7991"
    }
  },
  "description": "Samsung Galaxy S4\u7b49\u90fd\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u53d1\u5e03\u7684\u667a\u80fd\u79fb\u52a8\u8bbe\u5907\u3002\r\n\r\nSamsung Galaxy S4\u81f3S7\u8bbe\u5907\u5b58\u5728\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5ffd\u7565\u5d4c\u5165\u5728OMACP\u4fe1\u606f\u4e2d\u7684\u5b89\u5168\u4fe1\u606f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a5\u6536\uff0c\u89e3\u6790\uff0c\u5904\u7406\u6765\u8def\u4e0d\u660e\u7684WAP Push SMS\u4fe1\u606f\uff0c\u5bfc\u81f4\u672a\u6388\u6743\u4fee\u6539\u914d\u7f6e\u4fe1\u606f\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10515",
  "openTime": "2016-11-02",
  "patchDescription": "Samsung Galaxy S4\u7b49\u90fd\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u53d1\u5e03\u7684\u667a\u80fd\u79fb\u52a8\u8bbe\u5907\u3002\r\n\r\nSamsung Galaxy S4\u81f3S7\u8bbe\u5907\u5b58\u5728\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5ffd\u7565\u5d4c\u5165\u5728OMACP\u4fe1\u606f\u4e2d\u7684\u5b89\u5168\u4fe1\u606f\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a5\u6536\uff0c\u89e3\u6790\uff0c\u5904\u7406\u6765\u8def\u4e0d\u660e\u7684WAP Push SMS\u4fe1\u606f\uff0c\u5bfc\u81f4\u672a\u6388\u6743\u4fee\u6539\u914d\u7f6e\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samsung Galaxy S4\u81f3S7\u8bbe\u5907\u5b58\u5728\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Samsung Galaxy \u003e=s4\uff0c\u003c=s7"
  },
  "referenceLink": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
  "serverity": "\u9ad8",
  "submitTime": "2016-11-01",
  "title": "Samsung Galaxy S4\u81f3S7\u8bbe\u5907\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e"
}

GHSA-FXH8-FM53-952W

Vulnerability from github – Published: 2022-05-17 03:35 – Updated: 2022-05-17 03:35

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7991"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-31T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.",
  "id": "GHSA-fxh8-fm53-952w",
  "modified": "2022-05-17T03:35:05Z",
  "published": "2022-05-17T03:35:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7991"
    },
    {
      "type": "WEB",
      "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94088"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-7991

Vulnerability from fkie_nvd - Published: 2016-10-31 10:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
cve@mitre.org	http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/94088	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94088	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
google	android	4.2.2
google	android	4.3
google	android	4.3.1
google	android	4.4
google	android	4.4.1
google	android	4.4.2
google	android	4.4.3
google	android	4.4.4
google	android	5.0
google	android	5.0.1
google	android	5.0.2
google	android	5.1
google	android	5.1.0
google	android	5.1.1
google	android	6.0
google	android	6.0.1
samsung	galaxy_s4	-
samsung	galaxy_s4_mini	-
samsung	galaxy_s5	-
samsung	galaxy_s6	-
samsung	galaxy_s7	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3CEEA22-63B4-4702-A400-01349DF0EC1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717D895C-E64D-4E0E-9F4A-9B191E6388B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "721FDF15-999F-42C1-90C2-4708C6DB98B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7060E1BD-9FFF-4D74-A2EE-20ABB447EA23",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F54653E7-88CD-4AA3-A2CD-BA0B116955F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542."
    },
    {
      "lang": "es",
      "value": "En dispositivos Samsung Galaxy S4 hasta la versi\u00f3n S7, la aplicaci\u00f3n \"omacp\" ignora informaci\u00f3n de seguridad incrustada en los mensajes OMACP resultando en que mensajes WAP Push SMS remotos no solicitados son aceptados, analizados y manejados por el dispositivo, lo que lleva a cambios en la configuraci\u00f3n no autorizados, un subconjunto de SVE-2016-6542."
    }
  ],
  "id": "CVE-2016-7991",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-31T10:59:08.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94088"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-388"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201610-0206

Vulnerability from variot - Updated: 2023-12-18 13:57

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea's Samsung. The SamsungGalaxyS4 to S7 device has an unauthorized modification vulnerability. The vulnerability stems from the program's ignoring of security information embedded in OMACP information. The remote attacker can use this vulnerability to receive, parse, and process unknown WAPSushSMS information, resulting in unauthorized modification of configuration information. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy S4 through S7 devices are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0206",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "google",
        "version": "6.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "google",
        "version": "4.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "6.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "5.1.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "5.0.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "5.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "4.4.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "4.2.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "5.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "google",
        "version": "5.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "5.1.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "google",
        "version": "4.4.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "google",
        "version": "4.4.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "google",
        "version": "4.4.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "google",
        "version": "4.3.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "google",
        "version": "4.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "google",
        "version": "5.0/5.1"
      },
      {
        "model": "galaxy s4",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 mini",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s5",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s6",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s7",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy \u003e=s4,\u003c=s7",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "galaxy s6 edge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "galaxy s6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "galaxy s5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "galaxy s4 mini",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "galaxy s4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "db": "BID",
        "id": "94088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tom Court of Context.",
    "sources": [
      {
        "db": "BID",
        "id": "94088"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-7991",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-7991",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-10515",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-7991",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-7991",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-10515",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-875",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea\u0027s Samsung. The SamsungGalaxyS4 to S7 device has an unauthorized modification vulnerability. The vulnerability stems from the program\u0027s ignoring of security information embedded in OMACP information. The remote attacker can use this vulnerability to receive, parse, and process unknown WAPSushSMS information, resulting in unauthorized modification of configuration information. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nSamsung Galaxy S4 through S7 devices are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "db": "BID",
        "id": "94088"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-7991",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "94088",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "db": "BID",
        "id": "94088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "id": "VAR-201610-0206",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      }
    ],
    "trust": 1.081343704
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:29.130000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "https://www.android.com/intl/ja_jp/"
      },
      {
        "title": "SVE-2016-6542",
        "trust": 0.8,
        "url": "http://security.samsungmobile.com/smrupdate.html#smr-aug-2016"
      },
      {
        "title": "SamsungGalaxyS4 to S7 devices have patches for unauthorized modification of vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/83380"
      },
      {
        "title": "Multiple Samsung Galaxy Repair measures for device security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65196"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-388",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://security.samsungmobile.com/smrupdate.html#smr-aug-2016"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/94088"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7991"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7991"
      },
      {
        "trust": 0.6,
        "url": "http://security.samsungmobile.com/smrupdate.html#smr"
      },
      {
        "trust": 0.3,
        "url": "http://www.samsung.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "db": "BID",
        "id": "94088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "db": "BID",
        "id": "94088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "date": "2016-11-01T00:00:00",
        "db": "BID",
        "id": "94088"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "date": "2016-10-31T10:59:08.147000",
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "date": "2016-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10515"
      },
      {
        "date": "2016-11-24T01:07:00",
        "db": "BID",
        "id": "94088"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      },
      {
        "date": "2016-12-02T23:37:50.417000",
        "db": "NVD",
        "id": "CVE-2016-7991"
      },
      {
        "date": "2016-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung Galaxy Unapproved on device  WAP Push SMS Message acceptance vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005689"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-875"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-7991

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-7991

Aliases

CVE-2016-7991

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7991",
    "description": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.",
    "id": "GSD-2016-7991"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7991"
      ],
      "details": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.",
      "id": "GSD-2016-7991",
      "modified": "2023-12-13T01:21:20.768466Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-7991",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "94088",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94088"
          },
          {
            "name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
            "refsource": "CONFIRM",
            "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7991"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On Samsung Galaxy S4 through S7 devices, the \"omacp\" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-388"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
            },
            {
              "name": "94088",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94088"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-12-02T23:37Z",
      "publishedDate": "2016-10-31T10:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-7991 (GCVE-0-2016-7991)

CNVD-2016-10515

GHSA-FXH8-FM53-952W

FKIE_CVE-2016-7991

VAR-201610-0206

GSD-2016-7991

Tags

Sightings

Nomenclature