ID

VAR-202103-1321


CVE

CVE-2021-25355


TITLE

Samsung Notes Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004886

DESCRIPTION

Use of an unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers to perform unauthorized actions without permission by hijacking the PendingIntent. Samsung Notes is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-25355 // JVNDB: JVNDB-2021-004886 // VULMON: CVE-2021-25355

AFFECTED PRODUCTS

vendor: samsung, model: notes, scope: lt, version: 4.2.00.22

Trust: 1.0

vendor: Samsung, model: samsung notes, scope: eq, version: -

Trust: 0.8

vendor: Samsung, model: samsung notes, scope: eq, version: 4.2.00.22

Trust: 0.8

sources: JVNDB: JVNDB-2021-004886 // NVD: CVE-2021-25355

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-25355
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202103-1485
value: HIGH

Trust: 0.6

VULMON: CVE-2021-25355
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-25355
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2021-25355
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-25355
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-25355 // JVNDB: JVNDB-2021-004886 // CNNVD: CNNVD-202103-1485 // NVD: CVE-2021-25355

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

problemtype: Inappropriate default permissions (CWE-276) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004886 // NVD: CVE-2021-25355

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1485

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1485

CONFIGURATIONS

sources: NVD: CVE-2021-25355

PATCH

title: Security Updates (Other Updates), url: https://security.samsungmobile.com/serviceweb.smsb

Trust: 0.8

title: Samsung Notes Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=145901

Trust: 0.6

sources: JVNDB: JVNDB-2021-004886 // CNNVD: CNNVD-202103-1485

EXTERNAL IDS

db: NVD, id: CVE-2021-25355

Trust: 2.5

db: JVNDB, id: JVNDB-2021-004886

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1485

Trust: 0.6

db: VULMON, id: CVE-2021-25355

Trust: 0.1

sources: VULMON: CVE-2021-25355 // JVNDB: JVNDB-2021-004886 // CNNVD: CNNVD-202103-1485 // NVD: CVE-2021-25355

REFERENCES

url:https://security.samsungmobile.com/

Trust: 1.7

url:https://security.samsungmobile.com/serviceweb.smsb

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-25355

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/276.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-25355 // JVNDB: JVNDB-2021-004886 // CNNVD: CNNVD-202103-1485 // NVD: CVE-2021-25355

SOURCES

db: VULMON, id: CVE-2021-25355
db: JVNDB, id: JVNDB-2021-004886
db: CNNVD, id: CNNVD-202103-1485
db: NVD, id: CVE-2021-25355

LAST UPDATE DATE

2022-05-04T09:37:49.117000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-25355, date: 2021-03-30T00:00:00
db: JVNDB, id: JVNDB-2021-004886, date: 2021-12-01T09:04:00
db: CNNVD, id: CNNVD-202103-1485, date: 2021-03-31T00:00:00
db: NVD, id: CVE-2021-25355, date: 2021-03-30T21:08:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-25355, date: 2021-03-25T00:00:00
db: JVNDB, id: JVNDB-2021-004886, date: 2021-12-01T00:00:00
db: CNNVD, id: CNNVD-202103-1485, date: 2021-03-25T00:00:00
db: NVD, id: CVE-2021-25355, date: 2021-03-25T17:15:00