Sign-up

ID

VAR-202302-0792


CVE

CVE-2023-21444


TITLE

PC  for  Samsung Flow  Cryptographic strength vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-003527

DESCRIPTION

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. PC for Samsung Flow There is a security level vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-21444 // JVNDB: JVNDB-2023-003527 // VULMON: CVE-2023-21444

AFFECTED PRODUCTS

vendor:samsungmodel:flowscope:ltversion:4.9.14.0

Trust: 1.0

vendor:サムスンmodel:samsung flowscope: - version: -

Trust: 0.8

vendor:サムスンmodel:samsung flowscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-003527 // NVD: CVE-2023-21444

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-21444
value: HIGH

Trust: 1.8

mobile.security@samsung.com: CVE-2023-21444
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202302-650
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-21444
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003527 // NVD: CVE-2023-21444 // NVD: CVE-2023-21444 // CNNVD: CNNVD-202302-650

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.0

problemtype:Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-003527 // NVD: CVE-2023-21444

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202302-650

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-650

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-21444

PATCH
title:Security Updates (FEB-2023 Updates)url:https://security.samsungmobile.com/serviceweb.smsb?year=2023&month=02
Trust: 0.8
title:SAMSUNG Flow Fixes for encryption problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=225970
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2023-003527 // 
            
            
            
            CNNVD: CNNVD-202302-650

EXTERNAL IDS
db:NVDid:CVE-2023-21444
Trust: 3.3
db:JVNDBid:JVNDB-2023-003527
Trust: 0.8
db:CNNVDid:CNNVD-202302-650
Trust: 0.6
db:VULMONid:CVE-2023-21444
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-21444 // 
            
            
            
            JVNDB: JVNDB-2023-003527 // 
            
            
            
            NVD: CVE-2023-21444 // 
            
            
            
            CNNVD: CNNVD-202302-650

REFERENCES
url:https://security.samsungmobile.com/serviceweb.smsb?year=2023&month=02
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2023-21444
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-21444/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-21444 // 
            
            
            
            JVNDB: JVNDB-2023-003527 // 
            
            
            
            NVD: CVE-2023-21444 // 
            
            
            
            CNNVD: CNNVD-202302-650

SOURCES
db:VULMONid:CVE-2023-21444
db:JVNDBid:JVNDB-2023-003527
db:NVDid:CVE-2023-21444
db:CNNVDid:CNNVD-202302-650

LAST UPDATE DATE
2023-12-18T12:15:01.799000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-21444date:2023-02-10T00:00:00
db:JVNDBid:JVNDB-2023-003527date:2023-09-11T07:28:00
db:NVDid:CVE-2023-21444date:2023-02-17T15:46:19.203
db:CNNVDid:CNNVD-202302-650date:2023-02-20T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-21444date:2023-02-09T00:00:00
db:JVNDBid:JVNDB-2023-003527date:2023-09-11T00:00:00
db:NVDid:CVE-2023-21444date:2023-02-09T19:15:16.677
db:CNNVDid:CNNVD-202302-650date:2023-02-09T00:00:00