Sign-up

ID

VAR-202004-1290


CVE

CVE-2016-11050


TITLE

Samsung Vulnerabilities in mobile devices

Trust: 0.8

sources: JVNDB: JVNDB-2015-008639

DESCRIPTION

An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016)

Trust: 1.62

sources: NVD: CVE-2016-11050 // JVNDB: JVNDB-2015-008639

AFFECTED PRODUCTS

vendor:samsungmodel:note3scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:note2scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:s4scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:s5scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:s3scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:note 2scope: - version: -

Trust: 0.8

vendor:samsungmodel:note 3scope: - version: -

Trust: 0.8

vendor:samsungmodel:s3scope: - version: -

Trust: 0.8

vendor:samsungmodel:s4scope: - version: -

Trust: 0.8

vendor:samsungmodel:s5scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2015-008639 // NVD: CVE-2016-11050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-11050
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2015-008639
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-246
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2016-11050
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2015-008639
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2016-11050
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.7
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008639
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2015-008639 // CNNVD: CNNVD-202004-246 // NVD: CVE-2016-11050

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-11050

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-246

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008639

PATCH
title:SMR-MAR-2016url:https://security.samsungmobile.com/securityUpdate.smsb
Trust: 0.8
title:Samsung Mobile device security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115495
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008639 // 
            
            
            
            CNNVD: CNNVD-202004-246

EXTERNAL IDS
db:NVDid:CVE-2016-11050
Trust: 2.4
db:JVNDBid:JVNDB-2015-008639
Trust: 0.8
db:CNNVDid:CNNVD-202004-246
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008639 // 
            
            
            
            CNNVD: CNNVD-202004-246 // 
            
            
            
            NVD: CVE-2016-11050

REFERENCES
url:https://security.samsungmobile.com/securityupdate.smsb
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2016-11050
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-11050
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-008639 // 
            
            
            
            CNNVD: CNNVD-202004-246 // 
            
            
            
            NVD: CVE-2016-11050

SOURCES
db:JVNDBid:JVNDB-2015-008639
db:CNNVDid:CNNVD-202004-246
db:NVDid:CVE-2016-11050

LAST UPDATE DATE
2024-11-23T22:21:12.891000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2015-008639date:2020-04-28T00:00:00
db:CNNVDid:CNNVD-202004-246date:2021-01-05T00:00:00
db:NVDid:CVE-2016-11050date:2024-11-21T02:45:23.043

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2015-008639date:2020-04-28T00:00:00
db:CNNVDid:CNNVD-202004-246date:2020-04-07T00:00:00
db:NVDid:CVE-2016-11050date:2020-04-07T13:15:13.180