Details of VAR-202203-0327

ID

VAR-202203-0327

CVE

CVE-2022-25829

TITLE

Samsung's Android for Watch Active2 Information disclosure vulnerability in plug-in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006685

DESCRIPTION

Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log. Samsung's Android for Watch Active2 The plugin contains an information disclosure vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-25829 // JVNDB: JVNDB-2022-006685

AFFECTED PRODUCTS

vendor:	samsung	model:	watch active2 plugin	scope:	lt	version:	2.2.08.22012751	Trust: 1.0
vendor:	サムスン	model:	watch active2 プラグイン	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	watch active2 プラグイン	scope:	eq	version:	watch active2 plugin 2.2.08.22012751	Trust: 0.8
vendor:	サムスン	model:	watch active2 プラグイン	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-006685 // NVD: CVE-2022-25829

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25829
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25829
value:	LOW
Trust: 1.0
NVD:	CVE-2022-25829
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202203-852
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2022-25829
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2022-25829
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25829
baseSeverity:	LOW
baseScore:	1.9
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25829
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-006685 // CNNVD: CNNVD-202203-852 // NVD: CVE-2022-25829 // NVD: CVE-2022-25829

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.0
problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006685 // NVD: CVE-2022-25829

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-852

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202203-852

PATCH

title:

SAMSUNG Watch Active2 Plugin Repair measures for log information disclosure vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=245126

Trust: 0.6

sources: CNNVD: CNNVD-202203-852

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25829	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-006685	Trust: 0.8
db:	CNNVD	id:	CNNVD-202203-852	Trust: 0.6

sources: JVNDB: JVNDB-2022-006685 // CNNVD: CNNVD-202203-852 // NVD: CVE-2022-25829

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=3	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25829	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25829/	Trust: 0.6

sources: JVNDB: JVNDB-2022-006685 // CNNVD: CNNVD-202203-852 // NVD: CVE-2022-25829

SOURCES

db:	JVNDB	id:	JVNDB-2022-006685
db:	CNNVD	id:	CNNVD-202203-852
db:	NVD	id:	CVE-2022-25829

LAST UPDATE DATE

2024-11-23T22:54:42.340000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-006685	date:	2023-07-07T08:26:00
db:	CNNVD	id:	CNNVD-202203-852	date:	2023-07-11T00:00:00
db:	NVD	id:	CVE-2022-25829	date:	2024-11-21T06:53:04.743

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-006685	date:	2023-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202203-852	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-25829	date:	2022-03-10T17:47:26.537