CVE-2019-16256
published 2019-09-12CVE-2019-16256: Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI…
PriorityP180critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
4.95%
91.1th percentile
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
Detection & IOCsextracted from sources · hover to see the quote
- →Attack vector is a specially crafted SMS message containing SIM Toolkit (STK) instructions targeting the S@T Browser on the UICC; monitor for anomalous binary SMS (OTA) messages delivering STK commands to SIM cards ↗
- →Exploitation can result in silent retrieval of device location and IMEI; monitor for unexpected SS7/SMPP-layer binary SMS traffic or unsolicited location disclosure events from handsets ↗
- →The attack modifies the payload message to execute a range of commands beyond location/IMEI retrieval; inspect OTA SMS payloads for S@T Browser (SIMalliance Toolbox Browser) command envelopes ↗
- ·The vulnerable component (S@T Browser) resides on the UICC (SIM card) itself, not the handset OS; patching requires SIM card replacement or OTA SIM update by the carrier — standard OS/firmware updates are insufficient ↗
- ·Scope is not limited to Samsung; any device whose carrier has provisioned a UICC with S@T Browser is potentially affected, making carrier-side detection and remediation essential ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mq4h-3x66-jfc7: Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location an
ghsa_unreviewed·2022-05-24
CVE-2019-16256 [HIGH] GHSA-mq4h-3x66-jfc7: Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location an
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
VulnCheck
SIMalliance Toolbox Browser Command Injection Vulnerability
vulncheck·2019·CVSS 9.8
CVE-2019-16256 [CRITICAL] SIMalliance Toolbox Browser Command Injection Vulnerability
SIMalliance Toolbox Browser Command Injection Vulnerability
SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.
Affected: SIMalliance Toolbox Browser
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
CISA
SIMalliance Toolbox Browser Command Injection Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2019-16256 [CRITICAL] SIMalliance Toolbox Browser Command Injection Vulnerability
Vulnerability: SIMalliance Toolbox Browser Command Injection Vulnerability
Affected: SIMalliance Toolbox Browser
SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-16256
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-09-12
Published
2021-11-03
Added to CISA KEV
Exploited in the wild