CVE-2018-11614

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 35.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Samsung Members

Timeline

PublishedSep 24

Latest updateMay 13

Description

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources norm…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsamsung/samsung_members< 2.4.25

▶CVEListV5samsung/samsung_membersFixed in version 2.4.25

🔴Vulnerability Details

GHSA

GHSA-78fx-2j49-jhpq: This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2↗2022-05-13

▶

CVEList

CVE-2018-11614: This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2↗2018-09-24

▶