CVE-2020-7811

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 86.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Electronics Samsung UpdateSamsung Update
Timeline
PublishedOct 12
Latest updateMay 24

Description

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/update3.0.2.03.0.32.0
CVEListV5samsung_electronics/samsung_update3.0.2.03.0.32.0

🔴Vulnerability Details

2
GHSA
GHSA-rw4v-74gf-cr5f: Samsung Update 32022-05-24
CVEList
Samsung Update Local Privilege Escalation Vulnerability2020-10-12
CVE-2020-7811 (HIGH CVSS 7.8) | Samsung Update 3.0.2.0 ~ 3.0.32.0 h | cvebase.io