CVE-2018-10500

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.0HIGH

EPSS

0.0%

top 85.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Galaxy Apps Samsung Samsung Galaxy Apps

Timeline

PublishedSep 24

Latest updateMay 13

Description

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources no…

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDsamsung/galaxy_apps< 6.4.0.15

▶CVEListV5samsung/samsung_galaxy_appsFixed in version 6.4.0.15

🔴Vulnerability Details

GHSA

GHSA-m69v-rrc8-h7rx: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6↗2022-05-13

▶

CVEList

CVE-2018-10500: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6↗2018-09-24

▶