Sign-up

ID

VAR-201905-1276


CVE

CVE-2019-12087


TITLE

plural Samsung Resource management vulnerabilities in product devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-004562

DESCRIPTION

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact. ** Unsettled ** This issue has not been confirmed as a vulnerability. Vendors are challenging this vulnerability. See below for details NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2019-12087Denial of service (DoS) May be in a state. The Samsung S9+ and others are all smartphones of the South Korean company Samsung. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.71

sources: NVD: CVE-2019-12087 // JVNDB: JVNDB-2019-004562 // VULHUB: VHN-143798

AFFECTED PRODUCTS

vendor:samsungmodel:xcover 4scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:s9\+scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:s10scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:galaxy s10scope: - version: -

Trust: 0.8

vendor:samsungmodel:galaxy s9+scope: - version: -

Trust: 0.8

vendor:samsungmodel:galaxy xcover 4scope:eqversion:9.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-004562 // NVD: CVE-2019-12087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12087
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12087
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-358
value: MEDIUM

Trust: 0.6

VULHUB: VHN-143798
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12087
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143798
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12087
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143798 // JVNDB: JVNDB-2019-004562 // CNNVD: CNNVD-201905-358 // NVD: CVE-2019-12087

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-143798 // JVNDB: JVNDB-2019-004562 // NVD: CVE-2019-12087

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-358

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-358

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004562

PATCH
title:1Galaxy S9 | S9+url:https://www.samsung.com/id/smartphones/galaxy-s9/
Trust: 0.8
title:Galaxy S10e | S10 | S10+ | S10 5Gurl:https://www.samsung.com/global/galaxy/galaxy-s10/
Trust: 0.8
title:Galaxy XCover 4 (SM-G390F)url:https://www.samsung.com/de/support/model/SM-G390FZKADBT/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-004562

EXTERNAL IDS
db:NVDid:CVE-2019-12087
Trust: 2.5
db:JVNDBid:JVNDB-2019-004562
Trust: 0.8
db:CNNVDid:CNNVD-201905-358
Trust: 0.7
db:VULHUBid:VHN-143798
Trust: 0.1
sources:
            
            
            VULHUB: VHN-143798 // 
            
            
            
            JVNDB: JVNDB-2019-004562 // 
            
            
            
            CNNVD: CNNVD-201905-358 // 
            
            
            
            NVD: CVE-2019-12087

REFERENCES
url:https://github.com/fs0c131y/samsunglocker
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-12087
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12087
Trust: 0.8
sources:
            
            
            VULHUB: VHN-143798 // 
            
            
            
            JVNDB: JVNDB-2019-004562 // 
            
            
            
            CNNVD: CNNVD-201905-358 // 
            
            
            
            NVD: CVE-2019-12087

SOURCES
db:VULHUBid:VHN-143798
db:JVNDBid:JVNDB-2019-004562
db:CNNVDid:CNNVD-201905-358
db:NVDid:CVE-2019-12087

LAST UPDATE DATE
2024-11-23T22:12:00.430000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-143798date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004562date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-358date:2019-05-28T00:00:00
db:NVDid:CVE-2019-12087date:2024-11-21T04:22:10.903

SOURCES RELEASE DATE
db:VULHUBid:VHN-143798date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-004562date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-358date:2019-05-13T00:00:00
db:NVDid:CVE-2019-12087date:2019-05-14T03:29:05.520