Details of VAR-201910-0848

ID

VAR-201910-0848

CVE

CVE-2019-17668

TITLE

Samsung Galaxy S10 and Note10 Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-011126

DESCRIPTION

Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. Samsung Galaxy S10 and Note10 The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Samsung Galaxy S10 and Samsung Galaxy Note10 are both smartphones of the Korean company Samsung. There are security holes in Samsung Galaxy S10 and Samsung Galaxy Note10. An attacker can use the unregistered fingerprint to use the vulnerability to open the phone

Trust: 2.16

sources: NVD: CVE-2019-17668 // JVNDB: JVNDB-2019-011126 // CNVD: CNVD-2020-27307

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-27307

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy s10	scope:	eq	version:	-	Trust: 2.2
vendor:	samsung	model:	note 10	scope:	eq	version:	-	Trust: 2.2
vendor:	samsung	model:	galaxy s10	scope:	-	version:	-	Trust: 1.4
vendor:	samsung	model:	galaxy note10	scope:	-	version:	-	Trust: 1.4

sources: CNVD: CNVD-2020-27307 // JVNDB: JVNDB-2019-011126 // CNNVD: CNNVD-201910-1192 // NVD: CVE-2019-17668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17668
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-17668
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-27307
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-1192
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-17668
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-27307
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-17668
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-17668
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-27307 // JVNDB: JVNDB-2019-011126 // CNNVD: CNNVD-201910-1192 // NVD: CVE-2019-17668

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-011126 // NVD: CVE-2019-17668

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1192

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011126

PATCH

title:	Galaxy Note10 \| Note10+ \| Note10 5G \| Note10+ 5G	url:	https://www.samsung.com/global/galaxy/galaxy-note10/	Trust: 0.8
title:	Galaxy S10e \| S10 \| S10+ \| S10 5G	url:	https://www.samsung.com/global/galaxy/galaxy-s10/	Trust: 0.8

sources: JVNDB: JVNDB-2019-011126

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17668	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011126	Trust: 0.8
db:	CNVD	id:	CNVD-2020-27307	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-1192	Trust: 0.6

sources: CNVD: CNVD-2020-27307 // JVNDB: JVNDB-2019-011126 // CNNVD: CNNVD-201910-1192 // NVD: CVE-2019-17668

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-17668	Trust: 2.0
url:	https://www.forbes.com/sites/gordonkelly/2019/10/15/samsung-galaxy-s10-note10-plus-fingerprint-reader-warning-upgrade-galaxy-s11	Trust: 1.6
url:	https://www.engadget.com/2019/10/17/samsung-patch-fingerprint-reader/	Trust: 1.6
url:	https://news.ycombinator.com/item?id=21280205	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17668	Trust: 0.8
url:	https://www.forbes.com/sites/gordonkelly/2019/10/15/samsung-galaxy-s10-note10-plus-fingerprint-reader-warning-upgrade-galaxy-s11/#9b7a0c324ae6	Trust: 0.8

sources: CNVD: CNVD-2020-27307 // JVNDB: JVNDB-2019-011126 // CNNVD: CNNVD-201910-1192 // NVD: CVE-2019-17668

SOURCES

db:	CNVD	id:	CNVD-2020-27307
db:	JVNDB	id:	JVNDB-2019-011126
db:	CNNVD	id:	CNNVD-201910-1192
db:	NVD	id:	CVE-2019-17668

LAST UPDATE DATE

2024-11-23T22:55:25.680000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-27307	date:	2020-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-011126	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1192	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2019-17668	date:	2024-11-21T04:32:44.470

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-27307	date:	2020-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-011126	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-1192	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-17668	date:	2019-10-17T12:15:12.477