CVE-2019-11341 (GCVE-0-2019-11341)

Vulnerability from cvelistv5 – Published: 2019-10-09 15:00 – Updated: 2024-08-04 22:48
VLAI?
Summary
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/fs0c131y/status/1115889065285562368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T15:00:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/fs0c131y/status/1115889065285562368"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb"
            },
            {
              "name": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html",
              "refsource": "MISC",
              "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"
            },
            {
              "name": "https://twitter.com/fs0c131y/status/1115889065285562368",
              "refsource": "MISC",
              "url": "https://twitter.com/fs0c131y/status/1115889065285562368"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11341",
    "datePublished": "2019-10-09T15:00:17",
    "dateReserved": "2019-04-19T00:00:00",
    "dateUpdated": "2024-08-04T22:48:09.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DFAAD08-36DA-4C95-8200-C29FE5B6B854\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:phone:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"343F6924-CADF-4BE3-88C7-61E469E88BD3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.\"}, {\"lang\": \"es\", \"value\": \"En ciertos tel\\u00e9fonos Samsung P(9.0), un atacante con acceso f\\u00edsico puede iniciar una captura de volcado TCP sin el conocimiento del usuario. Esta funcionalidad de la aplicaci\\u00f3n Service Mode est\\u00e1 disponible despu\\u00e9s de ingresar el c\\u00f3digo de comprobaci\\u00f3n *#9900#, pero est\\u00e1 protegida mediante una contrase\\u00f1a OTP. Sin embargo, esta contrase\\u00f1a se crea localmente y (debido al manejo inapropiado de la criptograf\\u00eda) puede ser obtenida f\\u00e1cilmente al invertir la l\\u00f3gica de creaci\\u00f3n de contrase\\u00f1a.\"}]",
      "id": "CVE-2019-11341",
      "lastModified": "2024-11-21T04:20:55.010",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-10-09T16:15:14.233",
      "references": "[{\"url\": \"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/securityUpdate.smsb\", \"source\": \"cve@mitre.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://twitter.com/fs0c131y/status/1115889065285562368\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/securityUpdate.smsb\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://twitter.com/fs0c131y/status/1115889065285562368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11341\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-09T16:15:14.233\",\"lastModified\":\"2024-11-21T04:20:55.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user\u0027s knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.\"},{\"lang\":\"es\",\"value\":\"En ciertos tel\u00e9fonos Samsung P(9.0), un atacante con acceso f\u00edsico puede iniciar una captura de volcado TCP sin el conocimiento del usuario. Esta funcionalidad de la aplicaci\u00f3n Service Mode est\u00e1 disponible despu\u00e9s de ingresar el c\u00f3digo de comprobaci\u00f3n *#9900#, pero est\u00e1 protegida mediante una contrase\u00f1a OTP. Sin embargo, esta contrase\u00f1a se crea localmente y (debido al manejo inapropiado de la criptograf\u00eda) puede ser obtenida f\u00e1cilmente al invertir la l\u00f3gica de creaci\u00f3n de contrase\u00f1a.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DFAAD08-36DA-4C95-8200-C29FE5B6B854\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:phone:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"343F6924-CADF-4BE3-88C7-61E469E88BD3\"}]}]}],\"references\":[{\"url\":\"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.samsungmobile.com/securityUpdate.smsb\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://twitter.com/fs0c131y/status/1115889065285562368\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.samsungmobile.com/securityUpdate.smsb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://twitter.com/fs0c131y/status/1115889065285562368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.