CVE-2021-25382Improper Authorization in Mobile Devices

CWE-285Improper AuthorizationCWE-863Incorrect Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.1
EPSS
0.0%
top 95.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile DevicesGoogle Android
Timeline
PublishedApr 23
Latest updateMay 24

Description

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.3 | Impact: 5.2

Affected Packages2 packages

CVEListV5samsung_mobile/samsung_mobile_devicesO(8.x), P(9.0), Q(10.0), R(11.0)SMR Oct-2020 Release 1
NVDgoogle/android5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-5fqj-9cqv-7vh5: An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure2022-05-24
CVEList
CVE-2021-25382: An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure2021-04-23
CVE-2021-25382 — Improper Authorization | cvebase