CVE-2021-25352

CWE-285CWE-668Exposure to Wrong SphereCWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 88.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Bixby VoiceSamsung Bixby Voice
Timeline
PublishedMar 25
Latest updateMay 24

Description

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/bixby_voice< 3.0.52.14
CVEListV5samsung_mobile/bixby_voiceunspecified3.0.52.14

🔴Vulnerability Details

2
GHSA
GHSA-xfcw-6c56-rp9p: Using PendingIntent with implicit intent in Bixby Voice prior to version 32022-05-24
CVEList
CVE-2021-25352: Using PendingIntent with implicit intent in Bixby Voice prior to version 32021-03-25
CVE-2021-25352 (HIGH CVSS 7.8) | Using PendingIntent with implicit i | cvebase.io