fkie_nvd - fkie_cve-2023-21491

fkie_cve-2023-21491

Vulnerability from fkie_nvd

Published

2023-05-04 21:15

Modified

2024-11-21 07:42

Severity ?

8.5 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.

References

▶	URL	Tags
	mobile.security@samsung.com	https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05	Vendor Advisory

Impacted products

Vendor	Product	Version
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	12.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
              "matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
              "matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege."
    }
  ],
  "id": "CVE-2023-21491",
  "lastModified": "2024-11-21T07:42:56.690",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.3,
        "source": "mobile.security@samsung.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-04T21:15:10.007",
  "references": [
    {
      "source": "mobile.security@samsung.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
    }
  ],
  "sourceIdentifier": "mobile.security@samsung.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "mobile.security@samsung.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-21491 (GCVE-0-2023-21491)

Vulnerability from cvelistv5

Published

2023-05-04 00:00

Modified

2025-02-12 16:14

Severity ?

8.5 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

CWE

CWE-284 - Improper Access Control

Summary

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.

References

►

URL

Tags

https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05