ID

VAR-202204-1386


CVE

CVE-2022-28543


TITLE

Samsung Flow Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-81358 // CNNVD: CNNVD-202204-2906

DESCRIPTION

Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files with Samsung Flow's permissions. Samsung Flow is an application for Samsung mobile devices that connects them with Windows 10 computers to provide a seamless, safe and connected experience.

Trust: 2.25

sources: NVD: CVE-2022-28543 // JVNDB: JVNDB-2022-008356 // CNVD: CNVD-2022-81358 // VULMON: CVE-2022-28543

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-81358

AFFECTED PRODUCTS

vendor: samsung, model: flow, scope: lt, version: 4.8.07.4

Trust: 1.6

vendor: サムスン, model: samsung flow, scope: eq, version: -

Trust: 0.8

vendor: サムスン, model: samsung flow, scope: -, version: -

Trust: 0.8

vendor: サムスン, model: samsung flow, scope: eq, version: 4.8.07.4

Trust: 0.8

sources: CNVD: CNVD-2022-81358 // JVNDB: JVNDB-2022-008356 // NVD: CVE-2022-28543

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28543
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28543
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-28543
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-81358
value: LOW

Trust: 0.6

CNNVD: CNNVD-202204-2906
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-28543
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-28543
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-81358
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-28543
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28543
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-28543
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-81358 // VULMON: CVE-2022-28543 // JVNDB: JVNDB-2022-008356 // CNNVD: CNNVD-202204-2906 // NVD: CVE-2022-28543 // NVD: CVE-2022-28543

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008356 // NVD: CVE-2022-28543

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2906

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202204-2906

PATCH

title: Patch for Samsung Flow Path Traversal Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/355951

Trust: 0.6

title: Samsung Flow Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190348

Trust: 0.6

sources: CNVD: CNVD-2022-81358 // CNNVD: CNNVD-202204-2906

EXTERNAL IDS

db: NVD, id: CVE-2022-28543

Trust: 3.9

db: JVNDB, id: JVNDB-2022-008356

Trust: 0.8

db: CNVD, id: CNVD-2022-81358

Trust: 0.6

db: CNNVD, id: CNNVD-202204-2906

Trust: 0.6

db: VULMON, id: CVE-2022-28543

Trust: 0.1

sources: CNVD: CNVD-2022-81358 // VULMON: CVE-2022-28543 // JVNDB: JVNDB-2022-008356 // CNNVD: CNNVD-202204-2906 // NVD: CVE-2022-28543

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=4

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-28543

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-28543/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-81358 // VULMON: CVE-2022-28543 // JVNDB: JVNDB-2022-008356 // CNNVD: CNNVD-202204-2906 // NVD: CVE-2022-28543

SOURCES

db: CNVD, id: CNVD-2022-81358
db: VULMON, id: CVE-2022-28543
db: JVNDB, id: JVNDB-2022-008356
db: CNNVD, id: CNNVD-202204-2906
db: NVD, id: CVE-2022-28543

LAST UPDATE DATE

2024-11-23T22:54:36.576000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-81358, date: 2022-11-25T00:00:00
db: VULMON, id: CVE-2022-28543, date: 2022-04-21T00:00:00
db: JVNDB, id: JVNDB-2022-008356, date: 2023-07-26T08:24:00
db: CNNVD, id: CNNVD-202204-2906, date: 2022-04-22T00:00:00
db: NVD, id: CVE-2022-28543, date: 2024-11-21T06:57:29.970

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-81358, date: 2022-10-13T00:00:00
db: VULMON, id: CVE-2022-28543, date: 2022-04-11T00:00:00
db: JVNDB, id: JVNDB-2022-008356, date: 2023-07-26T00:00:00
db: CNNVD, id: CNNVD-202204-2906, date: 2022-04-11T00:00:00
db: NVD, id: CVE-2022-28543, date: 2022-04-11T20:15:23.613