CVE-2021-25433

CWE-285 CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 88.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Tizen Wearable Devices Linux Tizen

Timeline

PublishedJul 8

Latest updateMay 24

Description

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlinux/tizen< 5.5

▶CVEListV5samsung_mobile/tizen_wearable_devicesTizen 5.5 — Firmware update JUL-2021 Release

🔴Vulnerability Details

GHSA

GHSA-78rr-8w79-72qw: Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform↗2022-05-24

▶

CVEList

CVE-2021-25433: Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform↗2021-07-08

▶