Details of VAR-202210-0316

ID

VAR-202210-0316

CVE

CVE-2022-39877

TITLE

Samsung's Group Sharing Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018338

DESCRIPTION

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. Samsung's Group Sharing Exists in unspecified vulnerabilities.Information may be obtained. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to identify the device

Trust: 2.16

sources: NVD: CVE-2022-39877 // JVNDB: JVNDB-2022-018338 // CNVD: CNVD-2022-87954

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-87954

AFFECTED PRODUCTS

vendor:	samsung	model:	group sharing	scope:	lt	version:	13.0.6.15	Trust: 1.0
vendor:	samsung	model:	group sharing	scope:	lt	version:	13.0.6.14	Trust: 1.0
vendor:	サムスン	model:	group sharing	scope:	eq	version:	13.0.6.14	Trust: 0.8
vendor:	サムスン	model:	group sharing	scope:	eq	version:	13.0.6.15	Trust: 0.8
vendor:	サムスン	model:	group sharing	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	group sharing	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices android s	scope:	eq	version:	13.0.6.15	Trust: 0.6
vendor:	samsung	model:	mobile devices android r	scope:	eq	version:	13.0.6.14	Trust: 0.6

sources: CNVD: CNVD-2022-87954 // JVNDB: JVNDB-2022-018338 // NVD: CVE-2022-39877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39877
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39877
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-39877
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-87954
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202210-268
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-87954
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-39877
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39877
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-39877
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-87954 // JVNDB: JVNDB-2022-018338 // CNNVD: CNNVD-202210-268 // NVD: CVE-2022-39877 // NVD: CVE-2022-39877

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018338 // NVD: CVE-2022-39877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-268

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-268

PATCH

title:	Patch for SAMSUNG Mobile devices ProfileSharingAccount access control error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/371211	Trust: 0.6
title:	SAMSUNG Mobile devices Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209909	Trust: 0.6

sources: CNVD: CNVD-2022-87954 // CNNVD: CNNVD-202210-268

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39877	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-018338	Trust: 0.8
db:	CNVD	id:	CNVD-2022-87954	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-268	Trust: 0.6

sources: CNVD: CNVD-2022-87954 // JVNDB: JVNDB-2022-018338 // CNNVD: CNNVD-202210-268 // NVD: CVE-2022-39877

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39877	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39877/	Trust: 0.6

sources: CNVD: CNVD-2022-87954 // JVNDB: JVNDB-2022-018338 // CNNVD: CNNVD-202210-268 // NVD: CVE-2022-39877

SOURCES

db:	CNVD	id:	CNVD-2022-87954
db:	JVNDB	id:	JVNDB-2022-018338
db:	CNNVD	id:	CNNVD-202210-268
db:	NVD	id:	CVE-2022-39877

LAST UPDATE DATE

2024-08-14T13:21:37.174000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-87954	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-018338	date:	2023-10-19T08:30:00
db:	CNNVD	id:	CNNVD-202210-268	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-39877	date:	2023-06-27T16:25:35.270

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-87954	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-018338	date:	2023-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202210-268	date:	2022-10-07T00:00:00
db:	NVD	id:	CVE-2022-39877	date:	2022-10-07T15:15:23.810