Details of VAR-202106-1607

ID

VAR-202106-1607

CVE

CVE-2021-25405

TITLE

Samsung Notes Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-008051

DESCRIPTION

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Samsung Notes Contains an improper authentication vulnerability.Information may be obtained. Samsung Notes is a Notes series smart phone product of South Korea's Samsung (Samsung) company

Trust: 2.16

sources: NVD: CVE-2021-25405 // JVNDB: JVNDB-2021-008051 // CNVD: CNVD-2021-44738

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-44738

AFFECTED PRODUCTS

vendor:	samsung	model:	notes	scope:	lt	version:	4.2.04.27	Trust: 1.6
vendor:	サムスン	model:	samsung notes	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	samsung notes	scope:	eq	version:	4.2.04.27	Trust: 0.8

sources: CNVD: CNVD-2021-44738 // JVNDB: JVNDB-2021-008051 // NVD: CVE-2021-25405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25405
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-25405
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-44738
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202106-957
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-25405
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-44738
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25405
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-25405
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-44738 // JVNDB: JVNDB-2021-008051 // CNNVD: CNNVD-202106-957 // NVD: CVE-2021-25405

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008051 // NVD: CVE-2021-25405

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-957

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-957

PATCH

title:	Security Updates (MAY-2021 Updates)	url:	https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5	Trust: 0.8
title:	Patch for Samsung Notes incorrect access control vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/275001	Trust: 0.6
title:	Samsung Notes Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155001	Trust: 0.6

sources: CNVD: CNVD-2021-44738 // JVNDB: JVNDB-2021-008051 // CNNVD: CNNVD-202106-957

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25405	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-008051	Trust: 0.8
db:	CNVD	id:	CNVD-2021-44738	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-957	Trust: 0.6

sources: CNVD: CNVD-2021-44738 // JVNDB: JVNDB-2021-008051 // CNNVD: CNNVD-202106-957 // NVD: CVE-2021-25405

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2021&month=5	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25405	Trust: 1.4

sources: CNVD: CNVD-2021-44738 // JVNDB: JVNDB-2021-008051 // CNNVD: CNNVD-202106-957 // NVD: CVE-2021-25405

SOURCES

db:	CNVD	id:	CNVD-2021-44738
db:	JVNDB	id:	JVNDB-2021-008051
db:	CNNVD	id:	CNNVD-202106-957
db:	NVD	id:	CVE-2021-25405

LAST UPDATE DATE

2024-08-14T15:11:54.887000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-44738	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-008051	date:	2022-03-02T07:59:00
db:	CNNVD	id:	CNNVD-202106-957	date:	2022-07-15T00:00:00
db:	NVD	id:	CVE-2021-25405	date:	2022-07-14T15:37:32.487

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-44738	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-008051	date:	2022-03-02T00:00:00
db:	CNNVD	id:	CNNVD-202106-957	date:	2021-06-11T00:00:00
db:	NVD	id:	CVE-2021-25405	date:	2021-06-11T15:15:09.780