Sign-up

ID

VAR-202210-0202


CVE

CVE-2022-39857


TITLE

Samsung's  FactoryCameraFB  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018342

DESCRIPTION

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. Samsung's FactoryCameraFB Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-39857 // JVNDB: JVNDB-2022-018342 // VULHUB: VHN-435644

AFFECTED PRODUCTS

vendor:samsungmodel:factorycamerafbscope:ltversion:3.5.51

Trust: 1.0

vendor:サムスンmodel:factorycamerafbscope: - version: -

Trust: 0.8

vendor:サムスンmodel:factorycamerafbscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:factorycamerafbscope:eqversion:3.5.51

Trust: 0.8

sources: JVNDB: JVNDB-2022-018342 // NVD: CVE-2022-39857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-39857
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-39857
value: HIGH

Trust: 1.0

NVD: CVE-2022-39857
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-290
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-39857
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-39857
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-39857
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018342 // CNNVD: CNNVD-202210-290 // NVD: CVE-2022-39857 // NVD: CVE-2022-39857

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-668

Trust: 0.1

sources: VULHUB: VHN-435644 // JVNDB: JVNDB-2022-018342 // NVD: CVE-2022-39857

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-290

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-290

PATCH

title:SAMSUNG Mobile devices Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=209930

Trust: 0.6

sources: CNNVD: CNNVD-202210-290

EXTERNAL IDS

db:NVDid:CVE-2022-39857

Trust: 3.3

db:JVNDBid:JVNDB-2022-018342

Trust: 0.8

db:CNNVDid:CNNVD-202210-290

Trust: 0.6

db:VULHUBid:VHN-435644

Trust: 0.1

sources: VULHUB: VHN-435644 // JVNDB: JVNDB-2022-018342 // CNNVD: CNNVD-202210-290 // NVD: CVE-2022-39857

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-39857

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-39857/

Trust: 0.6

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10

Trust: 0.1

sources: VULHUB: VHN-435644 // JVNDB: JVNDB-2022-018342 // CNNVD: CNNVD-202210-290 // NVD: CVE-2022-39857

SOURCES

db:VULHUBid:VHN-435644
db:JVNDBid:JVNDB-2022-018342
db:CNNVDid:CNNVD-202210-290
db:NVDid:CVE-2022-39857

LAST UPDATE DATE

2024-08-14T14:49:33.188000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-435644date:2022-10-07T00:00:00
db:JVNDBid:JVNDB-2022-018342date:2023-10-19T08:30:00
db:CNNVDid:CNNVD-202210-290date:2023-06-28T00:00:00
db:NVDid:CVE-2022-39857date:2023-06-27T16:13:16.047

SOURCES RELEASE DATE

db:VULHUBid:VHN-435644date:2022-10-07T00:00:00
db:JVNDBid:JVNDB-2022-018342date:2023-10-19T00:00:00
db:CNNVDid:CNNVD-202210-290date:2022-10-07T00:00:00
db:NVDid:CVE-2022-39857date:2022-10-07T15:15:20.717