cvelistv5 - cve-2016-4032

CVE-2016-4032 (GCVE-0-2016-4032)

Vulnerability from cvelistv5 – Published: 2017-04-13 16:00 – Updated: 2024-08-06 00:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/ud2/advisories/tree/master/and…	x_refsource_MISC
	http://www.securityfocus.com/bid/97650	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:17:29.844Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
          },
          {
            "name": "97650",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97650"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-17T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
        },
        {
          "name": "97650",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97650"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004",
              "refsource": "MISC",
              "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
            },
            {
              "name": "97650",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97650"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4032",
    "datePublished": "2017-04-13T16:00:00",
    "dateReserved": "2016-04-15T00:00:00",
    "dateUpdated": "2024-08-06T00:17:29.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03F1AFDE-A42D-4B25-8081-1BBA0319A138\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9C84354-75A3-4E55-A2D0-C0783AF36B37\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B1A9C49-9E9E-4BD8-9AF2-3C1C281F82C5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B148CE20-A498-4F1E-9C2D-C38F9F15292D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4957EA2-52E5-430F-8C88-342F42210296\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"721FDF15-999F-42C1-90C2-4708C6DB98B1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"086D5334-9867-479D-8EE6-974794850C6C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23C6FF67-C53E-4AAF-A3EF-2FCC448F0E6E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E2BC548-BCA0-4DAF-BA14-B8B135159E0F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"717D895C-E64D-4E0E-9F4A-9B191E6388B6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.\"}, {\"lang\": \"es\", \"value\": \"Samsung en los dispositivos SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), y GT-I9505 build I9505XXUHOJ2 (Galaxy S4) no bloquean AT+USBDEBUG y AT+WIFIVALUE, lo que permite a los atacantes modificar la configuraci\\u00f3n de Android aprovechando el acceso AT, tambi\\u00e9n conocido como SVE-2016-5301.\"}]",
      "id": "CVE-2016-4032",
      "lastModified": "2024-11-21T02:51:12.373",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-04-13T16:59:01.237",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/97650\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4032\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-04-13T16:59:01.237\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.\"},{\"lang\":\"es\",\"value\":\"Samsung en los dispositivos SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), y GT-I9505 build I9505XXUHOJ2 (Galaxy S4) no bloquean AT+USBDEBUG y AT+WIFIVALUE, lo que permite a los atacantes modificar la configuraci\u00f3n de Android aprovechando el acceso AT, tambi\u00e9n conocido como SVE-2016-5301.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03F1AFDE-A42D-4B25-8081-1BBA0319A138\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C84354-75A3-4E55-A2D0-C0783AF36B37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B1A9C49-9E9E-4BD8-9AF2-3C1C281F82C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B148CE20-A498-4F1E-9C2D-C38F9F15292D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4957EA2-52E5-430F-8C88-342F42210296\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"721FDF15-999F-42C1-90C2-4708C6DB98B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086D5334-9867-479D-8EE6-974794850C6C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23C6FF67-C53E-4AAF-A3EF-2FCC448F0E6E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E2BC548-BCA0-4DAF-BA14-B8B135159E0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717D895C-E64D-4E0E-9F4A-9B191E6388B6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97650\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}

VAR-201704-0029

Vulnerability from variot - Updated: 2023-12-18 12:44

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.By the attacker, AT By using access to AT A command may be sent. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0029",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "galaxy s4 mini lte",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "samsung",
        "version": "i9195xxucol1"
      },
      {
        "model": "galaxy s4 mini",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "samsung",
        "version": "i9192xxubnb1"
      },
      {
        "model": "galaxy s4",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "samsung",
        "version": "i9505xxuhoj2"
      },
      {
        "model": "galaxy s6",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "samsung",
        "version": "g920fxxu2coh2"
      },
      {
        "model": "galaxy note 3",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "samsung",
        "version": "n9005xxugbob6"
      },
      {
        "model": "note 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "samsung",
        "version": "n9005xxugbob6"
      },
      {
        "model": "galaxy note sm-n9005 build n9005xxugbok6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "samsung",
        "version": "3"
      },
      {
        "model": "galaxy s6 sm-g920f build g920fxxu2coh2",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 mini gt-i9192 build i9192xxubnb1",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 mini lte gt-i9195 build i9195xxucol1",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 gt-i9505 build i9505xxuhoj2",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s6 sm-g920f build g920f",
        "scope": null,
        "trust": 0.3,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 mini lte gt-i9195 build i9195",
        "scope": null,
        "trust": 0.3,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 mini gt-i9192 build i9192",
        "scope": null,
        "trust": 0.3,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 gt-i9505 build i9505",
        "scope": null,
        "trust": 0.3,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy note sm-n9005 build n9005",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "BID",
        "id": "97650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).",
    "sources": [
      {
        "db": "BID",
        "id": "97650"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-4032",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-4032",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-07192",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-92851",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.6,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-4032",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4032",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07192",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-748",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92851",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4032",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.By the attacker, AT By using access to AT A command may be sent. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea\u0027s Samsung. There are security bypass vulnerabilities in several Samsung phones. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "BID",
        "id": "97650"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4032"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4032",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "97650",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-92851",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4032",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4032"
      },
      {
        "db": "BID",
        "id": "97650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "id": "VAR-201704-0029",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92851"
      }
    ],
    "trust": 1.426199634
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:44:40.636000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SVE-2016-5301: Modem interface exposed via USB on Secure",
        "trust": 0.8,
        "url": "http://security.samsungmobile.com/smrupdate.html"
      },
      {
        "title": "Patches for several Samsung Mobile Security Surveillance Vulnerabilities (CNVD-2017-07192)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/94088"
      },
      {
        "title": "Multiple Samsung Mobile phone security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70226"
      },
      {
        "title": "SM-A217F_forensics",
        "trust": 0.1,
        "url": "https://github.com/tomiwa-ot/sm-a217f_forensics "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/97650"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4032"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4032"
      },
      {
        "trust": 0.3,
        "url": "http://www.samsung.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/284.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/tomiwa-ot/sm-a217f_forensics"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4032"
      },
      {
        "db": "BID",
        "id": "97650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4032"
      },
      {
        "db": "BID",
        "id": "97650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "date": "2017-04-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "date": "2017-04-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4032"
      },
      {
        "date": "2017-04-13T00:00:00",
        "db": "BID",
        "id": "97650"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "date": "2017-04-13T16:59:01.237000",
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "date": "2017-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07192"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92851"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4032"
      },
      {
        "date": "2017-04-18T00:06:00",
        "db": "BID",
        "id": "97650"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      },
      {
        "date": "2017-04-25T15:49:36.043000",
        "db": "NVD",
        "id": "CVE-2016-4032"
      },
      {
        "date": "2017-05-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Samsung In the device  Android Vulnerability to change settings",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008460"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-748"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-4032

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4032

Aliases

CVE-2016-4032

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4032",
    "description": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.",
    "id": "GSD-2016-4032"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4032"
      ],
      "details": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.",
      "id": "GSD-2016-4032",
      "modified": "2023-12-13T01:21:19.024097Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-4032",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004",
            "refsource": "MISC",
            "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
          },
          {
            "name": "97650",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97650"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4032"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
            },
            {
              "name": "97650",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97650"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-04-25T15:49Z",
      "publishedDate": "2017-04-13T16:59Z"
    }
  }
}

GHSA-Q3VH-9HX4-F8M5

Vulnerability from github – Published: 2022-05-17 02:48 – Updated: 2022-05-17 02:48

Details

Severity ?

4.6 (Medium)


                  
                    CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-13T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.",
  "id": "GHSA-q3vh-9hx4-f8m5",
  "modified": "2022-05-17T02:48:33Z",
  "published": "2022-05-17T02:48:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4032"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97650"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-4032

Vulnerability from fkie_nvd - Published: 2017-04-13 16:59 - Updated: 2025-04-20 01:37

Severity ?

4.6 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/97650	Third Party Advisory, VDB Entry
cve@mitre.org	https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97650	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004	Exploit, Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
samsung	galaxy_s6_firmware	g920fxxu2coh2
samsung	galaxy_s6	-
samsung	galaxy_note_3_firmware	n9005xxugbob6
samsung	galaxy_note_3	-
samsung	galaxy_s4_mini_firmware	i9192xxubnb1
samsung	galaxy_s4_mini	-
samsung	galaxy_s4_mini_lte_firmware	i9195xxucol1
samsung	galaxy_s4_mini_lte	-
samsung	galaxy_s4_firmware	i9505xxuhoj2
samsung	galaxy_s4	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F1AFDE-A42D-4B25-8081-1BBA0319A138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1A9C49-9E9E-4BD8-9AF2-3C1C281F82C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B148CE20-A498-4F1E-9C2D-C38F9F15292D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4957EA2-52E5-430F-8C88-342F42210296",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "721FDF15-999F-42C1-90C2-4708C6DB98B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*",
              "matchCriteriaId": "086D5334-9867-479D-8EE6-974794850C6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C6FF67-C53E-4AAF-A3EF-2FCC448F0E6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2BC548-BCA0-4DAF-BA14-B8B135159E0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "717D895C-E64D-4E0E-9F4A-9B191E6388B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301."
    },
    {
      "lang": "es",
      "value": "Samsung en los dispositivos SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), y GT-I9505 build I9505XXUHOJ2 (Galaxy S4) no bloquean AT+USBDEBUG y AT+WIFIVALUE, lo que permite a los atacantes modificar la configuraci\u00f3n de Android aprovechando el acceso AT, tambi\u00e9n conocido como SVE-2016-5301."
    }
  ],
  "id": "CVE-2016-4032",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-13T16:59:01.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97650"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-07192

Vulnerability from cnvd - Published: 2017-05-22

Title

多款Samsung手机安全绕过漏洞（CNVD-2017-07192）

Description

Samsung SM-G920F(Galaxy S6)等都是韩国三星（Samsung）公司发布的智能手机。多款Samsung手机中存在安全绕过漏洞。攻击者可借助AT访问权限利用该漏洞修改Android设置。

Severity

低

Patch Name

多款Samsung手机安全绕过漏洞（CNVD-2017-07192）的补丁

Patch Description

Samsung SM-G920F(Galaxy S6)等都是韩国三星（Samsung）公司发布的智能手机。多款Samsung手机中存在安全绕过漏洞。攻击者可借助AT访问权限利用该漏洞修改Android设置。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016

Reference

https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004

Impacted products

Name
['Samsung Galaxy Note 3 SM-N9005 build N9005XXUGBOK6', 'Samsung Galaxy S6 SM-G920F build G920FXXU2COH2', 'Samsung Galaxy S4 Mini GT-I9192 build I9192XXUBNB1', 'Samsung Galaxy S4 mini LTE GT-I9195 build I9195XXUCOL1', 'Samsung Galaxy S4 GT-I9505 build I9505XXUHOJ2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97650"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4032"
    }
  },
  "description": "Samsung SM-G920F(Galaxy S6)\u7b49\u90fd\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u53d1\u5e03\u7684\u667a\u80fd\u624b\u673a\u3002\r\n\r\n\u591a\u6b3eSamsung\u624b\u673a\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9AT\u8bbf\u95ee\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539Android\u8bbe\u7f6e\u3002",
  "discovererName": "Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07192",
  "openTime": "2017-05-22",
  "patchDescription": "Samsung SM-G920F(Galaxy S6)\u7b49\u90fd\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u53d1\u5e03\u7684\u667a\u80fd\u624b\u673a\u3002\r\n\r\n\u591a\u6b3eSamsung\u624b\u673a\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9AT\u8bbf\u95ee\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539Android\u8bbe\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSamsung\u624b\u673a\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-07192\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Samsung Galaxy Note 3 SM-N9005 build N9005XXUGBOK6",
      "Samsung  Galaxy S6 SM-G920F build G920FXXU2COH2",
      "Samsung Galaxy S4 Mini GT-I9192 build I9192XXUBNB1",
      "Samsung Galaxy S4 mini LTE GT-I9195 build I9195XXUCOL1",
      "Samsung Galaxy S4 GT-I9505 build I9505XXUHOJ2"
    ]
  },
  "referenceLink": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004",
  "serverity": "\u4f4e",
  "submitTime": "2017-05-18",
  "title": "\u591a\u6b3eSamsung\u624b\u673a\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-07192\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4032 (GCVE-0-2016-4032)

VAR-201704-0029

GSD-2016-4032

GHSA-Q3VH-9HX4-F8M5

FKIE_CVE-2016-4032

CNVD-2017-07192

Tags

Sightings

Nomenclature