CVE-2024-34597 - OpenCVE

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Health

Configuration 1 [-]

cpe:2.3:a:samsung:health:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07

History

No history.

MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published: 2024-07-02T09:23:37.348Z

Updated: 2024-08-02T02:59:22.192Z

Reserved: 2024-05-07T04:43:27.829Z

Link: CVE-2024-34597

Vulnrichment

Updated: 2024-08-02T02:59:22.192Z

NVD

Status : Analyzed

Published: 2024-07-02T10:15:08.487

Modified: 2024-07-02T18:04:57.147

Link: CVE-2024-34597

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34597", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "SamsungMobile", "dateReserved": "2024-05-07T04:43:27.829Z", "datePublished": "2024-07-02T09:23:37.348Z", "dateUpdated": "2024-08-02T02:59:22.192Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20: Improper Input Validation"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Health", "versions": [{"status": "unaffected", "version": "6.27.0.113"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2024-07-02T09:23:37.348Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T13:39:46.446480Z", "id": "CVE-2024-34597", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T13:39:57.746Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.192Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.192Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34597", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T13:39:46.446480Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T13:39:53.080Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Health", "versions": [{"status": "unaffected", "version": "6.27.0.113"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07"}], "descriptions": [{"lang": "en", "value": "Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2024-07-02T09:23:37.348Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34597", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:59:22.192Z", "dateReserved": "2024-05-07T04:43:27.829Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2024-07-02T09:23:37.348Z", "assignerShortName": "SamsungMobile"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:health:*:*:*:*:*:*:*:*", "matchCriteriaId": "72946B1F-4F1C-4AEF-BB97-6E91D10365C5", "versionEndExcluding": "6.27.0.113", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en Samsung Health anterior a la versi\u00f3n 6.27.0.113 permite a atacantes locales escribir archivos de documentos arbitrarios en la sandbox de Samsung Health. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."}], "id": "CVE-2024-34597", "lastModified": "2024-07-02T18:04:57.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2024-07-02T10:15:08.487", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}