CVE-2019-11341 - OpenCVE

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Samsung	Phone

Configuration 1 [-]

AND

cpe:2.3:h:samsung:phone:-:*:*:*:*:*:*:*

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html
https://security.samsungmobile.com/securityUpdate.smsb
https://twitter.com/fs0c131y/status/1115889065285562368

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-09T15:00:17

Updated: 2024-08-04T22:48:09.214Z

Reserved: 2019-04-19T00:00:00

Link: CVE-2019-11341

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-09T16:15:14.233

Modified: 2019-11-05T15:02:36.090

Link: CVE-2019-11341

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T15:00:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"tags": ["x_refsource_MISC"], "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/fs0c131y/status/1115889065285562368"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11341", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "MISC", "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"name": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html", "refsource": "MISC", "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"}, {"name": "https://twitter.com/fs0c131y/status/1115889065285562368", "refsource": "MISC", "url": "https://twitter.com/fs0c131y/status/1115889065285562368"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:09.214Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/fs0c131y/status/1115889065285562368"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11341", "datePublished": "2019-10-09T15:00:17", "dateReserved": "2019-04-19T00:00:00", "dateUpdated": "2024-08-04T22:48:09.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:phone:-:*:*:*:*:*:*:*", "matchCriteriaId": "343F6924-CADF-4BE3-88C7-61E469E88BD3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."}, {"lang": "es", "value": "En ciertos tel\u00e9fonos Samsung P(9.0), un atacante con acceso f\u00edsico puede iniciar una captura de volcado TCP sin el conocimiento del usuario. Esta funcionalidad de la aplicaci\u00f3n Service Mode est\u00e1 disponible despu\u00e9s de ingresar el c\u00f3digo de comprobaci\u00f3n *#9900#, pero est\u00e1 protegida mediante una contrase\u00f1a OTP. Sin embargo, esta contrase\u00f1a se crea localmente y (debido al manejo inapropiado de la criptograf\u00eda) puede ser obtenida f\u00e1cilmente al invertir la l\u00f3gica de creaci\u00f3n de contrase\u00f1a."}], "id": "CVE-2019-11341", "lastModified": "2019-11-05T15:02:36.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-09T16:15:14.233", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://twitter.com/fs0c131y/status/1115889065285562368"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}