fkie_nvd - fkie_cve-2023-30684

fkie_cve-2023-30684

Vulnerability from fkie_nvd

Published

2023-08-10 02:15

Modified

2024-11-21 08:00

Severity ?

4.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.

References

▼	URL	Tags
	mobile.security@samsung.com	https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08	Vendor Advisory

Impacted products

Vendor	Product	Version
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission."
    },
    {
      "lang": "es",
      "value": "Control de acceso inadecuado en Samsung Telecom antes de SMR Aug-2023 Release 1 que permite a los atacantes locales llamar a la API acceptRingingCall sin permiso. "
    }
  ],
  "id": "CVE-2023-30684",
  "lastModified": "2024-11-21T08:00:40.777",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "mobile.security@samsung.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-10T02:15:11.097",
  "references": [
    {
      "source": "mobile.security@samsung.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=08"
    }
  ],
  "sourceIdentifier": "mobile.security@samsung.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2023-30684

Vulnerability from cvelistv5

Published

2023-08-10 01:18

Modified

2024-10-04 15:06

Severity ?

4.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L