fkie_nvd - fkie_cve-2023-30659

fkie_cve-2023-30659

Vulnerability from fkie_nvd

Published

2023-07-06 03:15

Modified

2024-11-21 08:00

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

References

▶	URL	Tags
	mobile.security@samsung.com	https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07	Vendor Advisory

Impacted products

Vendor	Product	Version
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0
samsung	android	13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
              "matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
              "matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities."
    }
  ],
  "id": "CVE-2023-30659",
  "lastModified": "2024-11-21T08:00:37.547",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "mobile.security@samsung.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-06T03:15:10.927",
  "references": [
    {
      "source": "mobile.security@samsung.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=07"
    }
  ],
  "sourceIdentifier": "mobile.security@samsung.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-30659 (GCVE-0-2023-30659)

Vulnerability from cvelistv5

Published

2023-07-06 02:51

Modified

2024-10-24 15:29

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-20 Improper Input Validation

Summary

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

References

►

URL

Tags

https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07