CVE-2021-25418Improper Privilege Management in Mobile Samsung Internet

CWE-269Improper Privilege ManagementCWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 69.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung InternetSamsung Internet
Timeline
PublishedJun 11
Latest updateMay 24

Description

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsamsung/internet< 14.0.1.62
CVEListV5samsung_mobile/samsung_internetunspecified14.0.1.62

🔴Vulnerability Details

2
GHSA
GHSA-q9xq-p65j-27m8: Improper component protection vulnerability in Samsung Internet prior to version 142022-05-24
CVEList
CVE-2021-25418: Improper component protection vulnerability in Samsung Internet prior to version 142021-06-11
CVE-2021-25418 — Improper Privilege Management | cvebase