CVE-2022-22269 — Improper Authorization in Mobile Devices

CWE-285 — Improper Authorization CWE-552 — Files or Directories Accessible to External Parties3 documents3 sources

Severity

3.3LOWNVD

CNA4.0

EPSS

0.0%

top 95.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedJan 10

Latest updateJan 11

Description

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesP(9.0), Q(10.0), R(11.0) — SMR Jan-2022 Release 1

▶NVDgoogle/android10.0, 11.0, 9.0+2

🔴Vulnerability Details

GHSA

GHSA-99cp-fcqx-fcjj: Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth↗2022-01-11

▶

CVEList

CVE-2022-22269: Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth↗2022-01-07

▶