Sign-up

ID

VAR-202302-0793


CVE

CVE-2023-21432


TITLE

Smart Things  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-003626

DESCRIPTION

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. Smart Things Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-21432 // JVNDB: JVNDB-2023-003626 // VULMON: CVE-2023-21432

AFFECTED PRODUCTS

vendor:samsungmodel:smart thingsscope:ltversion:1.7.93

Trust: 1.0

vendor:サムスンmodel:smartthingsscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:smartthingsscope:eqversion:1.7.93

Trust: 0.8

sources: JVNDB: JVNDB-2023-003626 // NVD: CVE-2023-21432

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-21432
value: HIGH

Trust: 1.0

mobile.security@samsung.com: CVE-2023-21432
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-21432
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-664
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-21432
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2023-21432
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-21432
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003626 // CNNVD: CNNVD-202302-664 // NVD: CVE-2023-21432 // NVD: CVE-2023-21432

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-285

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-003626 // NVD: CVE-2023-21432

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-664

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-664

PATCH

title:Security Update (JAN-2023 Updates)url:https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01

Trust: 0.8

title:SAMSUNG Mobile devices Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=226193

Trust: 0.6

sources: JVNDB: JVNDB-2023-003626 // CNNVD: CNNVD-202302-664

EXTERNAL IDS

db:NVDid:CVE-2023-21432

Trust: 3.3

db:JVNDBid:JVNDB-2023-003626

Trust: 0.8

db:CNNVDid:CNNVD-202302-664

Trust: 0.6

db:VULMONid:CVE-2023-21432

Trust: 0.1

sources: VULMON: CVE-2023-21432 // JVNDB: JVNDB-2023-003626 // CNNVD: CNNVD-202302-664 // NVD: CVE-2023-21432

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2023&month=01

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-21432

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-21432/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-21432 // JVNDB: JVNDB-2023-003626 // CNNVD: CNNVD-202302-664 // NVD: CVE-2023-21432

SOURCES

db:VULMONid:CVE-2023-21432
db:JVNDBid:JVNDB-2023-003626
db:CNNVDid:CNNVD-202302-664
db:NVDid:CVE-2023-21432

LAST UPDATE DATE

2024-08-14T15:37:09.101000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-21432date:2023-02-10T00:00:00
db:JVNDBid:JVNDB-2023-003626date:2023-09-15T02:33:00
db:CNNVDid:CNNVD-202302-664date:2023-02-22T00:00:00
db:NVDid:CVE-2023-21432date:2023-02-21T15:22:45.697

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-21432date:2023-02-09T00:00:00
db:JVNDBid:JVNDB-2023-003626date:2023-09-15T00:00:00
db:CNNVDid:CNNVD-202302-664date:2023-02-09T00:00:00
db:NVDid:CVE-2023-21432date:2023-02-09T19:15:15.740