CVE-2019-11341
Vulnerability from cvelistv5
Published
2019-10-09 15:00
Modified
2024-08-04 22:48
Severity ?
Summary
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
References
cve@mitre.orghttps://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.htmlThird Party Advisory
cve@mitre.orghttps://security.samsungmobile.com/securityUpdate.smsbNot Applicable
cve@mitre.orghttps://twitter.com/fs0c131y/status/1115889065285562368Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.samsungmobile.com/securityUpdate.smsbNot Applicable
af854a3a-2127-422b-91ae-364da2661108https://twitter.com/fs0c131y/status/1115889065285562368Exploit, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/fs0c131y/status/1115889065285562368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T15:00:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/fs0c131y/status/1115889065285562368"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb"
            },
            {
              "name": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html",
              "refsource": "MISC",
              "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"
            },
            {
              "name": "https://twitter.com/fs0c131y/status/1115889065285562368",
              "refsource": "MISC",
              "url": "https://twitter.com/fs0c131y/status/1115889065285562368"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11341",
    "datePublished": "2019-10-09T15:00:17",
    "dateReserved": "2019-04-19T00:00:00",
    "dateUpdated": "2024-08-04T22:48:09.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DFAAD08-36DA-4C95-8200-C29FE5B6B854\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:phone:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"343F6924-CADF-4BE3-88C7-61E469E88BD3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.\"}, {\"lang\": \"es\", \"value\": \"En ciertos tel\\u00e9fonos Samsung P(9.0), un atacante con acceso f\\u00edsico puede iniciar una captura de volcado TCP sin el conocimiento del usuario. Esta funcionalidad de la aplicaci\\u00f3n Service Mode est\\u00e1 disponible despu\\u00e9s de ingresar el c\\u00f3digo de comprobaci\\u00f3n *#9900#, pero est\\u00e1 protegida mediante una contrase\\u00f1a OTP. Sin embargo, esta contrase\\u00f1a se crea localmente y (debido al manejo inapropiado de la criptograf\\u00eda) puede ser obtenida f\\u00e1cilmente al invertir la l\\u00f3gica de creaci\\u00f3n de contrase\\u00f1a.\"}]",
      "id": "CVE-2019-11341",
      "lastModified": "2024-11-21T04:20:55.010",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-10-09T16:15:14.233",
      "references": "[{\"url\": \"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/securityUpdate.smsb\", \"source\": \"cve@mitre.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://twitter.com/fs0c131y/status/1115889065285562368\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/securityUpdate.smsb\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://twitter.com/fs0c131y/status/1115889065285562368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11341\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-09T16:15:14.233\",\"lastModified\":\"2024-11-21T04:20:55.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.\"},{\"lang\":\"es\",\"value\":\"En ciertos tel\u00e9fonos Samsung P(9.0), un atacante con acceso f\u00edsico puede iniciar una captura de volcado TCP sin el conocimiento del usuario. Esta funcionalidad de la aplicaci\u00f3n Service Mode est\u00e1 disponible despu\u00e9s de ingresar el c\u00f3digo de comprobaci\u00f3n *#9900#, pero est\u00e1 protegida mediante una contrase\u00f1a OTP. Sin embargo, esta contrase\u00f1a se crea localmente y (debido al manejo inapropiado de la criptograf\u00eda) puede ser obtenida f\u00e1cilmente al invertir la l\u00f3gica de creaci\u00f3n de contrase\u00f1a.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DFAAD08-36DA-4C95-8200-C29FE5B6B854\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:phone:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"343F6924-CADF-4BE3-88C7-61E469E88BD3\"}]}]}],\"references\":[{\"url\":\"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.samsungmobile.com/securityUpdate.smsb\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://twitter.com/fs0c131y/status/1115889065285562368\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.samsungmobile.com/securityUpdate.smsb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://twitter.com/fs0c131y/status/1115889065285562368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.