CVE-2021-25352 (GCVE-0-2021-25352)
Vulnerability from cvelistv5
Published
2021-03-25 16:11
Modified
2024-08-03 20:03
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
Summary
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.
References
Impacted products
Vendor Product Version
Samsung Mobile Bixby Voice Version: unspecified   < 3.0.52.14
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bixby Voice",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "3.0.52.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-25T16:11:37",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.samsungmobile.com/serviceWeb.smsb"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25352",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bixby Voice",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.0.52.14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/"
            },
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb",
              "refsource": "CONFIRM",
              "url": "https://security.samsungmobile.com/serviceWeb.smsb"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25352",
    "datePublished": "2021-03-25T16:11:37",
    "dateReserved": "2021-01-19T00:00:00",
    "dateUpdated": "2024-08-03T20:03:05.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-25352\",\"sourceIdentifier\":\"mobile.security@samsung.com\",\"published\":\"2021-03-25T17:15:13.600\",\"lastModified\":\"2024-11-21T05:54:49.123\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.\"},{\"lang\":\"es\",\"value\":\"Usar un PendingIntent con intenci\u00f3n impl\u00edcita en Bixby Voice versiones anteriores a 3.0.52.14, permite a atacantes ejecutar acciones privilegiadas al secuestrar y modificar la intenci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:bixby_voice:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.52.14\",\"matchCriteriaId\":\"E91299C8-80F1-4FE2-807C-A4654B04B315\"}]}]}],\"references\":[{\"url\":\"https://security.samsungmobile.com/\",\"source\":\"mobile.security@samsung.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb\",\"source\":\"mobile.security@samsung.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.