CVE-2021-25414 — Improper Input Validation in Mobile Devices

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 88.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedJun 11

Latest updateMay 24

Description

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesP(9.0), Q(10.0), R(11.0) — SMA JUN-2021 Release 1

▶NVDgoogle/android10.0, 11.0, 9.0+2

🔴Vulnerability Details

GHSA

GHSA-w8m5-fm5h-5qjj: Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary fil↗2022-05-24

▶

CVEList

CVE-2021-25414: Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary fil↗2021-06-11

▶