CVE-2018-10502

CWE-269Improper Privilege ManagementCWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 85.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Galaxy AppsSamsung Samsung Galaxy Apps
Timeline
PublishedSep 24
Latest updateMay 13

Description

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnera

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsamsung/galaxy_apps< 4.2.18.2
CVEListV5samsung/samsung_galaxy_appsFixed in version 4.2.18.2

🔴Vulnerability Details

2
GHSA
GHSA-52c9-pwfp-v3r3: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 42022-05-13
CVEList
CVE-2018-10502: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 42018-09-24
CVE-2018-10502 (HIGH CVSS 7.8) | This vulnerability allows local att | cvebase.io