Details of VAR-201705-2404

ID

VAR-201705-2404

CVE

CVE-2016-0004

TITLE

A variety of Samsung mobile security bypass vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2017-07191

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. An attacker could use the vulnerability to make a call, send a text message, or post a command. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy S4 through S6 devices are vulnerable

Trust: 3.15

sources: NVD: CVE-2016-0004 // CNVD: CNVD-2017-07191 // CNVD: CNVD-2017-07192 // BID: 97650 // BID: 97701 // BID: 97703 // VULHUB: VHN-87514 // VULHUB: VHN-92849 // VULHUB: VHN-92850 // VULHUB: VHN-92851

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2017-07191 // CNVD: CNVD-2017-07192

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy note sm-n9005 build n9005xxugbok6	scope:	eq	version:	3	Trust: 1.2
vendor:	samsung	model:	galaxy s4 mini gt-i9192 build i9192xxubnb1	scope:	-	version:	-	Trust: 1.2
vendor:	samsung	model:	galaxy s4 mini lte gt-i9195 build i9195xxucol1	scope:	-	version:	-	Trust: 1.2
vendor:	samsung	model:	galaxy s4 gt-i9505 build i9505xxuhoj2	scope:	-	version:	-	Trust: 1.2
vendor:	samsung	model:	galaxy s6 sm-g920f build g920f	scope:	-	version:	-	Trust: 0.9
vendor:	samsung	model:	galaxy s4 mini lte gt-i9195 build i9195	scope:	-	version:	-	Trust: 0.9
vendor:	samsung	model:	galaxy s4 mini gt-i9192 build i9192	scope:	-	version:	-	Trust: 0.9
vendor:	samsung	model:	galaxy s4 gt-i9505 build i9505	scope:	-	version:	-	Trust: 0.9
vendor:	samsung	model:	galaxy note sm-n9005 build n9005	scope:	eq	version:	3	Trust: 0.9
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.9
vendor:	samsung	model:	galaxy s6 sm-g920f build g920fxxu2coh2	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-07191 // CNVD: CNVD-2017-07192 // BID: 97650 // BID: 97701 // BID: 97703

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-07191
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2017-07192
value:	LOW
Trust: 0.6
VULHUB:	VHN-92849
value:	MEDIUM
Trust: 0.1
VULHUB:	VHN-92850
value:	MEDIUM
Trust: 0.1
VULHUB:	VHN-92851
value:	LOW
Trust: 0.1

CNVD:	CNVD-2017-07191
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2017-07192
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-92849
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-92850
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-92851
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2017-07191 // CNVD: CNVD-2017-07192 // VULHUB: VHN-92849 // VULHUB: VHN-92850 // VULHUB: VHN-92851

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 0.3

sources: VULHUB: VHN-92849 // VULHUB: VHN-92850 // VULHUB: VHN-92851

THREAT TYPE

network

Trust: 0.9

sources: BID: 97650 // BID: 97701 // BID: 97703

TYPE

Design Error

Trust: 0.9

sources: BID: 97650 // BID: 97701 // BID: 97703

PATCH

title:	A variety of Samsung mobile phone security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/94087	Trust: 0.6
title:	Patches for several Samsung Mobile Security Surveillance Vulnerabilities (CNVD-2017-07192)	url:	https://www.cnvd.org.cn/patchInfo/show/94088	Trust: 0.6

sources: CNVD: CNVD-2017-07191 // CNVD: CNVD-2017-07192

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0004	Trust: 3.5
db:	BID	id:	97650	Trust: 1.0
db:	CNVD	id:	CNVD-2017-07191	Trust: 0.6
db:	CNVD	id:	CNVD-2017-07192	Trust: 0.6
db:	BID	id:	97701	Trust: 0.4
db:	BID	id:	97703	Trust: 0.4
db:	VULHUB	id:	VHN-87514	Trust: 0.1
db:	CNNVD	id:	CNNVD-201704-750	Trust: 0.1
db:	VULHUB	id:	VHN-92849	Trust: 0.1
db:	CNNVD	id:	CNNVD-201704-749	Trust: 0.1
db:	VULHUB	id:	VHN-92850	Trust: 0.1
db:	CNNVD	id:	CNNVD-201704-748	Trust: 0.1
db:	VULHUB	id:	VHN-92851	Trust: 0.1

sources: CNVD: CNVD-2017-07191 // CNVD: CNVD-2017-07192 // VULHUB: VHN-87514 // VULHUB: VHN-92849 // VULHUB: VHN-92850 // VULHUB: VHN-92851 // BID: 97650 // BID: 97701 // BID: 97703 // NVD: CVE-2016-0004

REFERENCES

url:	https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004	Trust: 2.4
url:	http://www.samsung.com/	Trust: 0.9
url:	http://www.securityfocus.com/bid/97701	Trust: 0.1
url:	http://www.securityfocus.com/bid/97703	Trust: 0.1
url:	http://www.securityfocus.com/bid/97650	Trust: 0.1

sources: CNVD: CNVD-2017-07191 // CNVD: CNVD-2017-07192 // VULHUB: VHN-92849 // VULHUB: VHN-92850 // VULHUB: VHN-92851 // BID: 97650 // BID: 97701 // BID: 97703

CREDITS

Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).

Trust: 0.9

sources: BID: 97650 // BID: 97701 // BID: 97703

SOURCES

db:	CNVD	id:	CNVD-2017-07191
db:	CNVD	id:	CNVD-2017-07192
db:	VULHUB	id:	VHN-87514
db:	VULHUB	id:	VHN-92849
db:	VULHUB	id:	VHN-92850
db:	VULHUB	id:	VHN-92851
db:	BID	id:	97650
db:	BID	id:	97701
db:	BID	id:	97703
db:	NVD	id:	CVE-2016-0004

LAST UPDATE DATE

2024-08-14T13:46:50.559000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-07191	date:	2017-05-22T00:00:00
db:	CNVD	id:	CNVD-2017-07192	date:	2017-05-22T00:00:00
db:	VULHUB	id:	VHN-87514	date:	2017-05-11T00:00:00
db:	VULHUB	id:	VHN-92849	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-92850	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-92851	date:	2017-04-25T00:00:00
db:	BID	id:	97650	date:	2017-04-18T00:06:00
db:	BID	id:	97701	date:	2017-04-18T00:07:00
db:	BID	id:	97703	date:	2017-04-18T00:07:00
db:	NVD	id:	CVE-2016-0004	date:	2023-11-07T02:29:00.280

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-07191	date:	2017-05-22T00:00:00
db:	CNVD	id:	CNVD-2017-07192	date:	2017-05-22T00:00:00
db:	VULHUB	id:	VHN-87514	date:	2017-05-11T00:00:00
db:	VULHUB	id:	VHN-92849	date:	2017-04-13T00:00:00
db:	VULHUB	id:	VHN-92850	date:	2017-04-13T00:00:00
db:	VULHUB	id:	VHN-92851	date:	2017-04-13T00:00:00
db:	BID	id:	97650	date:	2017-04-13T00:00:00
db:	BID	id:	97701	date:	2017-04-13T00:00:00
db:	BID	id:	97703	date:	2017-04-13T00:00:00
db:	NVD	id:	CVE-2016-0004	date:	2017-05-11T14:29:55.780