Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Samsung |
|
Configuration 1 [-]
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-34949 | Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 05 Sep 2024 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-863 | |
| CPEs | cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:* cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:* |
Wed, 04 Sep 2024 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Samsung
Samsung android |
|
| CPEs | cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:* | |
| Vendors & Products |
Samsung
Samsung android |
|
| Metrics |
ssvc
|
Wed, 04 Sep 2024 05:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: SamsungMobile
Published:
Updated: 2024-09-04T13:17:51.476Z
Reserved: 2024-05-07T04:43:27.840Z
Link: CVE-2024-34650
Vulnrichment
Updated: 2024-09-04T13:17:34.949Z
NVD
Status : Analyzed
Published: 2024-09-04T06:15:14.583
Modified: 2024-09-05T17:59:36.770
Link: CVE-2024-34650
Redhat
No data.
OpenCVE Enrichment
No data.