Details of VAR-202207-0920

ID

VAR-202207-0920

CVE

CVE-2022-33710

TITLE

Samsung Galaxy Store Input Validation Error Vulnerability (CNVD-2022-70731)

Trust: 0.6

sources: CNVD: CNVD-2022-70731

DESCRIPTION

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. Samsung Galaxy Store is an application store for Samsung mobile devices

Trust: 1.53

sources: NVD: CVE-2022-33710 // CNVD: CNVD-2022-70731 // VULMON: CVE-2022-33710

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-70731

AFFECTED PRODUCTS

vendor:

samsung

model:

galaxy store

scope:

version:

4.5.41.8

Trust: 1.6

sources: CNVD: CNVD-2022-70731 // NVD: CVE-2022-33710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33710
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-70731
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202207-985
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-33710
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-33710
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-70731
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-33710
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-70731 // VULMON: CVE-2022-33710 // CNNVD: CNNVD-202207-985 // NVD: CVE-2022-33710

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-269	Trust: 1.0

sources: NVD: CVE-2022-33710

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-985

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202207-985

PATCH

title:	Patch for Samsung Galaxy Store Input Validation Error Vulnerability (CNVD-2022-70731)	url:	https://www.cnvd.org.cn/patchInfo/show/356906	Trust: 0.6
title:	SAMSUNG Galaxy Store Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200391	Trust: 0.6

sources: CNVD: CNVD-2022-70731 // CNNVD: CNNVD-202207-985

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33710	Trust: 2.3
db:	CNVD	id:	CNVD-2022-70731	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-985	Trust: 0.6
db:	VULMON	id:	CVE-2022-33710	Trust: 0.1

sources: CNVD: CNVD-2022-70731 // VULMON: CVE-2022-33710 // CNNVD: CNNVD-202207-985 // NVD: CVE-2022-33710

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year==2022&month=07	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33710	Trust: 1.2
url:	https://cxsecurity.com/cveshow/cve-2022-33710/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-70731 // VULMON: CVE-2022-33710 // CNNVD: CNNVD-202207-985 // NVD: CVE-2022-33710

SOURCES

db:	CNVD	id:	CNVD-2022-70731
db:	VULMON	id:	CVE-2022-33710
db:	CNNVD	id:	CNNVD-202207-985
db:	NVD	id:	CVE-2022-33710

LAST UPDATE DATE

2024-08-14T13:53:11.151000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-70731	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2022-33710	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-985	date:	2022-07-18T00:00:00
db:	NVD	id:	CVE-2022-33710	date:	2022-07-16T02:49:39.807

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-70731	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2022-33710	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-985	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-33710	date:	2022-07-12T14:15:18.400