CVE-2016-1920

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 69.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Knox

Timeline

PublishedJan 27

Latest updateMay 14

Description

Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDsamsung/knox1.0

🔴Vulnerability Details

GHSA

GHSA-pqvr-gchh-537x: Samsung KNOX 1↗2022-05-14

▶

CVEList

CVE-2016-1920: Samsung KNOX 1↗2017-01-27

▶