OpenCVE

Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Pass

Configuration 1 [-]

cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12

History

No history.

MITRE

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2022-12-08T00:00:00

Updated: 2024-08-03T12:07:42.907Z

Reserved: 2022-09-05T00:00:00

Link: CVE-2022-39911

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-08T16:15:12.917

Modified: 2024-11-21T07:18:30.807

Link: CVE-2022-39911

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:pass:*:*:*:*:*:*:*:*", "matchCriteriaId": "091482FE-3261-44BD-AD36-4AF5E64CDC27", "versionEndExcluding": "4.0.06.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass."}, {"lang": "es", "value": "Vulnerabilidad de verificaci\u00f3n incorrecta o manejo de la condiciones excepcionales en Samsung Pass anterior a la versi\u00f3n 4.0.06.1 permite al atacante acceder a Samsung Pass."}], "id": "CVE-2022-39911", "lastModified": "2024-11-21T07:18:30.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 4.0, "source": "mobile.security@samsung.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-08T16:15:12.917", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-703"}], "source": "mobile.security@samsung.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}