Details of VAR-202207-0821

ID

VAR-202207-0821

CVE

CVE-2022-33706

TITLE

Samsung Gallery Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-76489

DESCRIPTION

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. Samsung Gallery is an application of Samsung Corporation. The best image and video viewing app for Galaxy users. This vulnerability stems from an incorrect access verification logic in the Gallery

Trust: 1.53

sources: NVD: CVE-2022-33706 // CNVD: CNVD-2022-76489 // VULMON: CVE-2022-33706

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-76489

AFFECTED PRODUCTS

vendor:

samsung

model:

gallery

scope:

version:

13.1.05.8

Trust: 1.6

sources: CNVD: CNVD-2022-76489 // NVD: CVE-2022-33706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33706
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-76489
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-994
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-33706
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-33706
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-76489
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-33706
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-76489 // VULMON: CVE-2022-33706 // CNNVD: CNNVD-202207-994 // NVD: CVE-2022-33706

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0

sources: NVD: CVE-2022-33706

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-994

PATCH

title:	Patch for Samsung Gallery Access Control Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356916	Trust: 0.6
title:	Samsung Gallery Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=200395	Trust: 0.6

sources: CNVD: CNVD-2022-76489 // CNNVD: CNNVD-202207-994

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33706	Trust: 2.3
db:	CNVD	id:	CNVD-2022-76489	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-994	Trust: 0.6
db:	VULMON	id:	CVE-2022-33706	Trust: 0.1

sources: CNVD: CNVD-2022-76489 // VULMON: CVE-2022-33706 // CNNVD: CNNVD-202207-994 // NVD: CVE-2022-33706

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year==2022&month=07	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33706	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-33706/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-76489 // VULMON: CVE-2022-33706 // CNNVD: CNNVD-202207-994 // NVD: CVE-2022-33706

SOURCES

db:	CNVD	id:	CNVD-2022-76489
db:	VULMON	id:	CVE-2022-33706
db:	CNNVD	id:	CNNVD-202207-994
db:	NVD	id:	CVE-2022-33706

LAST UPDATE DATE

2024-08-14T14:24:40.632000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-76489	date:	2022-11-11T00:00:00
db:	VULMON	id:	CVE-2022-33706	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-994	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2022-33706	date:	2023-07-21T17:47:45.783

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-76489	date:	2022-10-17T00:00:00
db:	VULMON	id:	CVE-2022-33706	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-994	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-33706	date:	2022-07-12T14:15:18.207