Details of VAR-201311-0425

ID

VAR-201311-0425

TITLE

Samsung Galaxy S4 has an unknown vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-14545

DESCRIPTION

The Samsung Galaxy S4 has a security vulnerability that allows an attacker to install malware on an affected device and steal data from a number of applications installed on the Samsung Galaxy S4, including contacts, favorites, SMS messages, and more. The attacker is required to entice the user to link to the controller's malicious site to utilize. The vulnerability has been demonstrated in the Mobile Pwn2Own Hacking Contest. The Samsung Galaxy S4 is a smartphone released by Samsung in South Korea. There are security holes in Samsung Galaxy S4. An attacker could use this vulnerability to install arbitrary applications on the device with system-level permissions. It could leak sensitive information in the context of the affected device, and there may be other forms of attacks. Others attacks are also possible

Trust: 1.35

sources: CNVD: CNVD-2013-14545 // CNNVD: CNNVD-201311-225 // BID: 63726

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14545

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy s4	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	galaxy s4	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-14545 // BID: 63726

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-14545
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2013-14545
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-14545

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-225

TYPE

Unknown

Trust: 0.3

sources: BID: 63726

EXTERNAL IDS

db:	BID	id:	63726	Trust: 1.5
db:	CNVD	id:	CNVD-2013-14545	Trust: 0.6
db:	CNNVD	id:	CNNVD-201311-225	Trust: 0.6

sources: CNVD: CNVD-2013-14545 // BID: 63726 // CNNVD: CNNVD-201311-225

REFERENCES

url:	http://www.hppwn2own.com/local-japanese-team-exploits-mobile-applications-install-malware-samsung-galaxy-s4/	Trust: 0.9
url:	http://www.securityfocus.com/bid/63726	Trust: 0.6
url:	http://www.samsung.com/us/guide-to-galaxy-smart-devices/galaxy-s-4-smartphone.html?cid=ppc-	Trust: 0.3
url:	http://www.samsung.com/	Trust: 0.3

sources: CNVD: CNVD-2013-14545 // BID: 63726 // CNNVD: CNNVD-201311-225

CREDITS

Team MBSD of Mitsui Bussan Secure Directions, Inc.

Trust: 0.9

sources: BID: 63726 // CNNVD: CNNVD-201311-225

SOURCES

db:	CNVD	id:	CNVD-2013-14545
db:	BID	id:	63726
db:	CNNVD	id:	CNNVD-201311-225

LAST UPDATE DATE

2022-05-17T02:01:13.482000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14545	date:	2013-11-20T00:00:00
db:	BID	id:	63726	date:	2013-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201311-225	date:	2013-11-21T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14545	date:	2013-11-19T00:00:00
db:	BID	id:	63726	date:	2013-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201311-225	date:	2013-11-21T00:00:00