CVE-2022-39910 - OpenCVE

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Pass

Configuration 1 [-]

cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12

History

No history.

MITRE

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2022-12-08T00:00:00

Updated: 2024-08-03T12:07:42.906Z

Reserved: 2022-09-05T00:00:00

Link: CVE-2022-39910

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-08T16:15:12.853

Modified: 2022-12-12T16:00:27.487

Link: CVE-2022-39910

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*", "matchCriteriaId": "80A58A2E-B144-4CB7-AC5D-790906DA1CA9", "versionEndExcluding": "4.0.06.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado en Samsung Pass anterior a la versi\u00f3n 4.0.06.7 permite a atacantes f\u00edsicos acceder a datos de Samsung Pass en un cierto estado de un dispositivo desbloqueado mediante la vista emergente."}], "id": "CVE-2022-39910", "lastModified": "2022-12-12T16:00:27.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 3.6, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2022-12-08T16:15:12.853", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "mobile.security@samsung.com", "type": "Secondary"}]}