CVE-2021-25413 — Improper Input Validation in Mobile Devices

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedJun 11

Latest updateJul 15

Description

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesP(9.0), Q(10.0), R(11.0) — SMA JUN-2021 Release 1

▶NVDgoogle/android10.0, 11.0, 9.0+2

🔴Vulnerability Details

GHSA

GHSA-f83q-56p3-cg37: Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbit↗2022-05-24

▶

CVEList

CVE-2021-25413: Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbit↗2021-06-11

▶

📄Research Papers

arXiv

Static Detection of Filesystem Vulnerabilities in Android Systems↗2024-07-15

▶