Details of VAR-202210-0113

ID

VAR-202210-0113

CVE

CVE-2022-39875

TITLE

Samsung's account Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018619

DESCRIPTION

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Samsung's account Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to log off without authorization

Trust: 2.16

sources: NVD: CVE-2022-39875 // JVNDB: JVNDB-2022-018619 // CNVD: CNVD-2022-87955

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-87955

AFFECTED PRODUCTS

vendor:	samsung	model:	account	scope:	lt	version:	13.5.01.3	Trust: 1.0
vendor:	サムスン	model:	account	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	account	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	account	scope:	eq	version:	13.5.01.3	Trust: 0.8
vendor:	samsung	model:	mobile devices	scope:	lt	version:	13.5.01.3	Trust: 0.6

sources: CNVD: CNVD-2022-87955 // JVNDB: JVNDB-2022-018619 // NVD: CVE-2022-39875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39875
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39875
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-39875
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-87955
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202210-269
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-87955
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-39875
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	2.5
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39875
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2022-39875
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-87955 // JVNDB: JVNDB-2022-018619 // CNNVD: CNNVD-202210-269 // NVD: CVE-2022-39875 // NVD: CVE-2022-39875

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018619 // NVD: CVE-2022-39875

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-269

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-269

PATCH

title:	Patch for SAMSUNG Mobile devices account component access control error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/371221	Trust: 0.6
title:	SAMSUNG Mobile devices Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209910	Trust: 0.6

sources: CNVD: CNVD-2022-87955 // CNNVD: CNNVD-202210-269

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39875	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-018619	Trust: 0.8
db:	CNVD	id:	CNVD-2022-87955	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-269	Trust: 0.6

sources: CNVD: CNVD-2022-87955 // JVNDB: JVNDB-2022-018619 // CNNVD: CNNVD-202210-269 // NVD: CVE-2022-39875

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39875	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39875/	Trust: 0.6

sources: CNVD: CNVD-2022-87955 // JVNDB: JVNDB-2022-018619 // CNNVD: CNNVD-202210-269 // NVD: CVE-2022-39875

SOURCES

db:	CNVD	id:	CNVD-2022-87955
db:	JVNDB	id:	JVNDB-2022-018619
db:	CNNVD	id:	CNNVD-202210-269
db:	NVD	id:	CVE-2022-39875

LAST UPDATE DATE

2024-08-14T15:42:12.721000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-87955	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-018619	date:	2023-10-20T08:26:00
db:	CNNVD	id:	CNNVD-202210-269	date:	2022-10-12T00:00:00
db:	NVD	id:	CVE-2022-39875	date:	2022-10-11T16:58:07.947

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-87955	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-018619	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202210-269	date:	2022-10-07T00:00:00
db:	NVD	id:	CVE-2022-39875	date:	2022-10-07T15:15:23.430