cve-2023-42545
Vulnerability from cvelistv5
Published
2023-11-07 07:49
Modified
2024-09-17 13:32
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.
References
mobile.security@samsung.comhttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:23:39.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T18:03:16.464601Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T13:32:33.996Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Phone",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-07T07:49:43.966Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2023-42545",
    "datePublished": "2023-11-07T07:49:43.966Z",
    "dateReserved": "2023-09-11T23:55:08.350Z",
    "dateUpdated": "2024-09-17T13:32:33.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7.20.12\", \"matchCriteriaId\": \"5FE3D414-AB15-464A-B774-07A7437AF039\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA3806E2-A780-4BB5-B4DC-D015D841E4C7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.1.48\", \"matchCriteriaId\": \"C7D1B532-E73A-4C63-95D5-8D40C2A197FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.5.0\", \"versionEndExcluding\": \"13.5.28\", \"matchCriteriaId\": \"A4B9617A-1B75-45C9-B87D-0F3A451884D3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D757450C-270E-4FB2-A50C-7F769FED558A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.7.38\", \"matchCriteriaId\": \"8623488D-66A9-4EA0-A086-09458C338422\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A123EDB1-3048-44B0-8D4D-39A2B24B5F6B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.\"}, {\"lang\": \"es\", \"value\": \"El uso de intenci\\u00f3n impl\\u00edcita para una vulnerabilidad de comunicaci\\u00f3n confidencial en Phone antes de las versiones 12.7.20.12 en Android 11, 13.1.48, 13.5.28 en Android 12 y 14.7.38 en Android 13 permite a los atacantes acceder a datos de ubicaci\\u00f3n.\"}]",
      "id": "CVE-2023-42545",
      "lastModified": "2024-11-21T08:22:45.483",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"mobile.security@samsung.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-11-07T08:15:21.027",
      "references": "[{\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11\", \"source\": \"mobile.security@samsung.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "mobile.security@samsung.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-42545\",\"sourceIdentifier\":\"mobile.security@samsung.com\",\"published\":\"2023-11-07T08:15:21.027\",\"lastModified\":\"2024-11-21T08:22:45.483\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.\"},{\"lang\":\"es\",\"value\":\"El uso de intenci\u00f3n impl\u00edcita para una vulnerabilidad de comunicaci\u00f3n confidencial en Phone antes de las versiones 12.7.20.12 en Android 11, 13.1.48, 13.5.28 en Android 12 y 14.7.38 en Android 13 permite a los atacantes acceder a datos de ubicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7.20.12\",\"matchCriteriaId\":\"5FE3D414-AB15-464A-B774-07A7437AF039\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA3806E2-A780-4BB5-B4DC-D015D841E4C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1.48\",\"matchCriteriaId\":\"C7D1B532-E73A-4C63-95D5-8D40C2A197FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.5.0\",\"versionEndExcluding\":\"13.5.28\",\"matchCriteriaId\":\"A4B9617A-1B75-45C9-B87D-0F3A451884D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D757450C-270E-4FB2-A50C-7F769FED558A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.7.38\",\"matchCriteriaId\":\"8623488D-66A9-4EA0-A086-09458C338422\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A123EDB1-3048-44B0-8D4D-39A2B24B5F6B\"}]}]}],\"references\":[{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11\",\"source\":\"mobile.security@samsung.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:23:39.655Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42545\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-04T18:03:16.464601Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T13:32:28.463Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Samsung Mobile\", \"product\": \"Phone\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-927 : Use of Implicit Intent for Sensitive Communication\"}]}], \"providerMetadata\": {\"orgId\": \"3af57064-a867-422c-b2ad-40307b65c458\", \"shortName\": \"Samsung Mobile\", \"dateUpdated\": \"2023-11-07T07:49:43.966Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-42545\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-17T13:32:33.996Z\", \"dateReserved\": \"2023-09-11T23:55:08.350Z\", \"assignerOrgId\": \"3af57064-a867-422c-b2ad-40307b65c458\", \"datePublished\": \"2023-11-07T07:49:43.966Z\", \"assignerShortName\": \"Samsung Mobile\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.