ID

VAR-202209-0559


CVE

CVE-2022-36873


TITLE

Samsung's  Android  for  Galaxy Watch  Vulnerabilities in plugins

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627

DESCRIPTION

Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. Samsung's Android for Galaxy Watch There are unspecified vulnerabilities in the plugin.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-36873 // JVNDB: JVNDB-2022-016627 // VULMON: CVE-2022-36873

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy watch pluginscope:ltversion:2.2.11.22081151

Trust: 1.0

vendor:サムスンmodel:galaxy watch プラグインscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:galaxy watch プラグインscope:eqversion:galaxy watch plugin 2.2.11.22081151

Trust: 0.8

vendor:サムスンmodel:galaxy watch プラグインscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627 // NVD: CVE-2022-36873

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-36873
value: MEDIUM

Trust: 1.8

mobile.security@samsung.com: CVE-2022-36873
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202209-634
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com:
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-36873
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627 // NVD: CVE-2022-36873 // NVD: CVE-2022-36873 // CNNVD: CNNVD-202209-634

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-016627 // NVD: CVE-2022-36873

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202209-634

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-634

CONFIGURATIONS

sources: NVD: CVE-2022-36873

PATCH

title:SAMSUNG Mobile devices Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=207551

Trust: 0.6

sources: CNNVD: CNNVD-202209-634

EXTERNAL IDS

db:NVDid:CVE-2022-36873

Trust: 3.3

db:JVNDBid:JVNDB-2022-016627

Trust: 0.8

db:CNNVDid:CNNVD-202209-634

Trust: 0.6

db:VULMONid:CVE-2022-36873

Trust: 0.1

sources: VULMON: CVE-2022-36873 // JVNDB: JVNDB-2022-016627 // NVD: CVE-2022-36873 // CNNVD: CNNVD-202209-634

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=09

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-36873

Trust: 0.8

url:https://security.samsungmobile.com/serviceweb.smsb?year==2022&month=09

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-36873/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-36873 // JVNDB: JVNDB-2022-016627 // NVD: CVE-2022-36873 // CNNVD: CNNVD-202209-634

SOURCES

db:VULMONid:CVE-2022-36873
db:JVNDBid:JVNDB-2022-016627
db:NVDid:CVE-2022-36873
db:CNNVDid:CNNVD-202209-634

LAST UPDATE DATE

2023-12-18T12:54:49.315000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-36873date:2022-09-09T00:00:00
db:JVNDBid:JVNDB-2022-016627date:2023-10-05T08:33:00
db:NVDid:CVE-2022-36873date:2022-09-21T20:26:32.503
db:CNNVDid:CNNVD-202209-634date:2022-09-15T00:00:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-36873date:2022-09-09T00:00:00
db:JVNDBid:JVNDB-2022-016627date:2023-10-05T00:00:00
db:NVDid:CVE-2022-36873date:2022-09-09T15:15:12.947
db:CNNVDid:CNNVD-202209-634date:2022-09-09T00:00:00