Details of VAR-202210-0239

ID

VAR-202210-0239

CVE

CVE-2022-39864

TITLE

Samsung's Android for SmartThings Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018629

DESCRIPTION

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. Samsung's Android for SmartThings Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-39864 // JVNDB: JVNDB-2022-018629

AFFECTED PRODUCTS

vendor:	samsung	model:	smartthings	scope:	lt	version:	1.7.85.25	Trust: 1.0
vendor:	サムスン	model:	smartthings	scope:	eq	version:	1.7.85.25	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018629 // NVD: CVE-2022-39864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39864
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39864
value:	LOW
Trust: 1.0
NVD:	CVE-2022-39864
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-284
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-39864
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39864
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-39864
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018629 // CNNVD: CNNVD-202210-284 // NVD: CVE-2022-39864 // NVD: CVE-2022-39864

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018629 // NVD: CVE-2022-39864

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-284

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-284

PATCH

title:

SAMSUNG Mobile devices Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210313

Trust: 0.6

sources: CNNVD: CNNVD-202210-284

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39864	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-018629	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-284	Trust: 0.6

sources: JVNDB: JVNDB-2022-018629 // CNNVD: CNNVD-202210-284 // NVD: CVE-2022-39864

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39864	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39864/	Trust: 0.6

sources: JVNDB: JVNDB-2022-018629 // CNNVD: CNNVD-202210-284 // NVD: CVE-2022-39864

SOURCES

db:	JVNDB	id:	JVNDB-2022-018629
db:	CNNVD	id:	CNNVD-202210-284
db:	NVD	id:	CVE-2022-39864

LAST UPDATE DATE

2024-08-14T15:42:12.610000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-018629	date:	2023-10-20T08:26:00
db:	CNNVD	id:	CNNVD-202210-284	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-39864	date:	2023-06-27T16:13:48.267

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-018629	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202210-284	date:	2022-10-07T00:00:00
db:	NVD	id:	CVE-2022-39864	date:	2022-10-07T15:15:21.727