CVE-2016-4030

CWE-284 — Improper Access Control3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 74.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Galaxy Note 3 Firmware Samsung Galaxy S4 Firmware Samsung Galaxy S4 Mini Firmware +2 more

Timeline

PublishedApr 13

Latest updateMay 17

Description

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages5 packages

▶NVDsamsung/galaxy_s4_mini_firmwarei9192xxubnb1

▶NVDsamsung/galaxy_s4_mini_lte_firmwarei9195xxucol1

▶NVDsamsung/galaxy_note_3_firmwaren9005xxugbob6

▶NVDsamsung/galaxy_s4_firmwarei9505xxuhoj2

▶NVDsamsung/galaxy_s6_firmwareg920fxxu2coh2

🔴Vulnerability Details

GHSA

GHSA-xvq5-pp86-qj79: Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195↗2022-05-17

▶

CVEList

CVE-2016-4030: Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195↗2017-04-13

▶