Details of VAR-202206-0680

ID

VAR-202206-0680

CVE

CVE-2022-30734

TITLE

Samsung Account Information Disclosure Vulnerability (CNVD-2022-81377)

Trust: 0.6

sources: CNVD: CNVD-2022-81377

DESCRIPTION

Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. Samsung Account is a comprehensive free membership for Samsung mobile devices, Samsung services available on smartphones, tablets, websites, TVs and other devices. Attackers can exploit this vulnerability to obtain user emails or phone numbers

Trust: 1.53

sources: NVD: CVE-2022-30734 // CNVD: CNVD-2022-81377 // VULMON: CVE-2022-30734

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-81377

AFFECTED PRODUCTS

vendor:

samsung

model:

account

scope:

version:

13.2.00.6

Trust: 1.6

sources: CNVD: CNVD-2022-81377 // NVD: CVE-2022-30734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30734
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30734
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2022-81377
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202206-688
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2022-30734
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-30734
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-81377
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-30734
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30734
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-81377 // VULMON: CVE-2022-30734 // CNNVD: CNNVD-202206-688 // NVD: CVE-2022-30734 // NVD: CVE-2022-30734

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-668	Trust: 1.0

sources: NVD: CVE-2022-30734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-688

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-688

PATCH

title:

Samsung Account Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195798

Trust: 0.6

sources: CNNVD: CNNVD-202206-688

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30734	Trust: 2.3
db:	CNVD	id:	CNVD-2022-81377	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-688	Trust: 0.6
db:	VULMON	id:	CVE-2022-30734	Trust: 0.1

sources: CNVD: CNVD-2022-81377 // VULMON: CVE-2022-30734 // CNNVD: CNNVD-202206-688 // NVD: CVE-2022-30734

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=6	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30734	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30734/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-81377 // VULMON: CVE-2022-30734 // CNNVD: CNNVD-202206-688 // NVD: CVE-2022-30734

SOURCES

db:	CNVD	id:	CNVD-2022-81377
db:	VULMON	id:	CVE-2022-30734
db:	CNNVD	id:	CNNVD-202206-688
db:	NVD	id:	CVE-2022-30734

LAST UPDATE DATE

2024-11-23T23:10:48.756000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-81377	date:	2022-11-25T00:00:00
db:	VULMON	id:	CVE-2022-30734	date:	2022-06-11T00:00:00
db:	CNNVD	id:	CNNVD-202206-688	date:	2022-06-13T00:00:00
db:	NVD	id:	CVE-2022-30734	date:	2024-11-21T07:03:16.420

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-81377	date:	2022-10-13T00:00:00
db:	VULMON	id:	CVE-2022-30734	date:	2022-06-07T00:00:00
db:	CNNVD	id:	CNNVD-202206-688	date:	2022-06-07T00:00:00
db:	NVD	id:	CVE-2022-30734	date:	2022-06-07T19:15:10.057