CVE-2021-25342Improper Authentication in Mobile SMP SDK

CWE-287Improper Authentication3 documents3 sources
Severity
3.3LOWNVD
CNA4.0
EPSS
0.1%
top 83.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile SMP SDKSamsung Members
Timeline
PublishedMar 4
Latest updateMay 24

Description

Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/members< 2.4.81.13+1
CVEListV5samsung_mobile/smp_sdkunspecified3.0.9

🔴Vulnerability Details

2
GHSA
GHSA-77xh-fchr-jp69: Calling of non-existent provider in SMP sdk prior to version 32022-05-24
CVEList
CVE-2021-25342: Calling of non-existent provider in SMP sdk prior to version 32021-03-04
CVE-2021-25342 — Improper Authentication | cvebase