ID

VAR-202209-0559


CVE

CVE-2022-36873


TITLE

Samsung's  Android  for  Galaxy Watch  Vulnerabilities in plugins

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627

DESCRIPTION

Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. Samsung's Android for Galaxy Watch There are unspecified vulnerabilities in the plugin.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-36873 // JVNDB: JVNDB-2022-016627 // VULMON: CVE-2022-36873

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy watch pluginscope:ltversion:2.2.11.22081151

Trust: 1.0

vendor:サムスンmodel:galaxy watch プラグインscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:galaxy watch プラグインscope:eqversion:galaxy watch plugin 2.2.11.22081151

Trust: 0.8

vendor:サムスンmodel:galaxy watch プラグインscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627 // NVD: CVE-2022-36873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-36873
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-36873
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-36873
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202209-634
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-36873
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-36873
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-36873
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627 // CNNVD: CNNVD-202209-634 // NVD: CVE-2022-36873 // NVD: CVE-2022-36873

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627 // NVD: CVE-2022-36873

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202209-634

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-634

PATCH

title:SAMSUNG Mobile devices Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207551

Trust: 0.6

sources: CNNVD: CNNVD-202209-634

EXTERNAL IDS

db:NVDid:CVE-2022-36873

Trust: 3.3

db:JVNDBid:JVNDB-2022-016627

Trust: 0.8

db:CNNVDid:CNNVD-202209-634

Trust: 0.6

db:VULMONid:CVE-2022-36873

Trust: 0.1

sources: VULMON: CVE-2022-36873 // JVNDB: JVNDB-2022-016627 // CNNVD: CNNVD-202209-634 // NVD: CVE-2022-36873

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=09

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-36873

Trust: 0.8

url:https://security.samsungmobile.com/serviceweb.smsb?year==2022&month=09

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-36873/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-36873 // JVNDB: JVNDB-2022-016627 // CNNVD: CNNVD-202209-634 // NVD: CVE-2022-36873

SOURCES

db:VULMONid:CVE-2022-36873
db:JVNDBid:JVNDB-2022-016627
db:CNNVDid:CNNVD-202209-634
db:NVDid:CVE-2022-36873

LAST UPDATE DATE

2024-08-14T15:21:37.957000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-36873date:2022-09-09T00:00:00
db:JVNDBid:JVNDB-2022-016627date:2023-10-05T08:33:00
db:CNNVDid:CNNVD-202209-634date:2022-09-15T00:00:00
db:NVDid:CVE-2022-36873date:2022-09-21T20:26:32.503

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-36873date:2022-09-09T00:00:00
db:JVNDBid:JVNDB-2022-016627date:2023-10-05T00:00:00
db:CNNVDid:CNNVD-202209-634date:2022-09-09T00:00:00
db:NVDid:CVE-2022-36873date:2022-09-09T15:15:12.947