cvelistv5 - cve-2022-39875

CVE-2022-39875 (GCVE-0-2022-39875)

Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-03 12:07

Summary

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Severity ?

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-284 - Improper Access Control

Assigner

Samsung Mobile

References

URL

	Vendor	Product	Version
	Samsung Mobile	Samsung Account	Affected: unspecified , < 13.5.0 (custom)

VAR-202210-0113

Vulnerability from variot - Updated: 2023-12-18 13:27

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Samsung's account Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to log off without authorization

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0113",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "account",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "samsung",
        "version": "13.5.01.3"
      },
      {
        "model": "account",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b5\u30e0\u30b9\u30f3",
        "version": null
      },
      {
        "model": "account",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b5\u30e0\u30b9\u30f3",
        "version": null
      },
      {
        "model": "account",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b5\u30e0\u30b9\u30f3",
        "version": "13.5.01.3"
      },
      {
        "model": "mobile devices",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "samsung",
        "version": "13.5.01.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5.01.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      }
    ]
  },
  "cve": "CVE-2022-39875",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2022-87955",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "mobile.security@samsung.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.5,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-39875",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-39875",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "mobile.security@samsung.com",
            "id": "CVE-2022-39875",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-87955",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-269",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Samsung\u0027s account Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea\u0027s Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to log off without authorization",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-39875",
        "trust": 3.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ]
  },
  "id": "VAR-202210-0113",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:27:01.655000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for SAMSUNG Mobile devices account component access control error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/371221"
      },
      {
        "title": "SAMSUNG Mobile devices Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209910"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=10"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39875"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-39875/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "date": "2023-10-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "date": "2022-10-07T15:15:23.430000",
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "date": "2022-10-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-87955"
      },
      {
        "date": "2023-10-20T08:26:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      },
      {
        "date": "2022-10-11T16:58:07.947000",
        "db": "NVD",
        "id": "CVE-2022-39875"
      },
      {
        "date": "2022-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung\u0027s \u00a0account\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018619"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-269"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2022-39875

Vulnerability from fkie_nvd - Published: 2022-10-07 15:15 - Updated: 2024-11-21 07:18

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Summary

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

References

	URL	Tags
	mobile.security@samsung.com	https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10	Vendor Advisory

Impacted products

	Vendor	Product	Version
	samsung	account	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92550E46-EEA0-4AA5-B9CD-7328C2F98221",
              "versionEndExcluding": "13.5.01.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de protecci\u00f3n de componentes inapropiada en Samsung Account versiones anteriores a 13.5.0, permite a atacantes un cierre de sesi\u00f3n no autorizado"
    }
  ],
  "id": "CVE-2022-39875",
  "lastModified": "2024-11-21T07:18:26.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 2.5,
        "source": "mobile.security@samsung.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-07T15:15:23.430",
  "references": [
    {
      "source": "mobile.security@samsung.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "sourceIdentifier": "mobile.security@samsung.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "mobile.security@samsung.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2022-87955

Vulnerability from cnvd - Published: 2022-12-15

Title

SAMSUNG Mobile devices帐户组件访问控制错误漏洞

Description

SAMSUNG Mobile devices是韩国三星（SAMSUNG）公司的一系列的三星移动设备，包括手机、平板等。 SAMSUNG Mobile devices 13.5.01.3之前版本存在访问控制错误漏洞，该漏洞源于三星帐户中的组件保护不当。攻击者可利用该漏洞可以未经授权注销。

Severity

低

Patch Name

SAMSUNG Mobile devices帐户组件访问控制错误漏洞的补丁

Patch Description

SAMSUNG Mobile devices是韩国三星（SAMSUNG）公司的一系列的三星移动设备，包括手机、平板等。 SAMSUNG Mobile devices 13.5.01.3之前版本存在访问控制错误漏洞，该漏洞源于三星帐户中的组件保护不当。攻击者可利用该漏洞可以未经授权注销。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Reference

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Impacted products

Name
Samsung Samsung mobile devices <13.5.01.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-39875",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-39875"
    }
  },
  "description": "SAMSUNG Mobile devices\u662f\u97e9\u56fd\u4e09\u661f\uff08SAMSUNG\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u7684\u4e09\u661f\u79fb\u52a8\u8bbe\u5907\uff0c\u5305\u62ec\u624b\u673a\u3001\u5e73\u677f\u7b49\u3002\n\nSAMSUNG Mobile devices 13.5.01.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e09\u661f\u5e10\u6237\u4e2d\u7684\u7ec4\u4ef6\u4fdd\u62a4\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u672a\u7ecf\u6388\u6743\u6ce8\u9500\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-87955",
  "openTime": "2022-12-15",
  "patchDescription": "SAMSUNG Mobile devices\u662f\u97e9\u56fd\u4e09\u661f\uff08SAMSUNG\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u7684\u4e09\u661f\u79fb\u52a8\u8bbe\u5907\uff0c\u5305\u62ec\u624b\u673a\u3001\u5e73\u677f\u7b49\u3002\r\n\r\nSAMSUNG Mobile devices 13.5.01.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e09\u661f\u5e10\u6237\u4e2d\u7684\u7ec4\u4ef6\u4fdd\u62a4\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u672a\u7ecf\u6388\u6743\u6ce8\u9500\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAMSUNG Mobile devices\u5e10\u6237\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Samsung Samsung mobile devices \u003c13.5.01.3"
  },
  "referenceLink": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
  "serverity": "\u4f4e",
  "submitTime": "2022-10-10",
  "title": "SAMSUNG Mobile devices\u5e10\u6237\u7ec4\u4ef6\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

GSD-2022-39875

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Aliases

CVE-2022-39875

Aliases

CVE-2022-39875

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-39875",
    "description": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.",
    "id": "GSD-2022-39875"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-39875"
      ],
      "details": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.",
      "id": "GSD-2022-39875",
      "modified": "2023-12-13T01:19:20.501194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "mobile.security@samsung.com",
        "ID": "CVE-2022-39875",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Samsung Account",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "",
                          "version_value": "13.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Samsung Mobile"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284 Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
            "refsource": "MISC",
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.5.01.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2022-39875"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2022-10-11T16:58Z",
      "publishedDate": "2022-10-07T15:15Z"
    }
  }
}

GHSA-W4PF-496R-GP7Q

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-11 19:00

Details

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Severity ?

4.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-39875"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.",
  "id": "GHSA-w4pf-496r-gp7q",
  "modified": "2022-10-11T19:00:27Z",
  "published": "2022-10-07T18:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39875"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-39875 (GCVE-0-2022-39875)

VAR-202210-0113

FKIE_CVE-2022-39875

CNVD-2022-87955

GSD-2022-39875

GHSA-W4PF-496R-GP7Q

Tags

Sightings

Nomenclature