CVE-2022-23994

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
3.3LOW
EPSS
0.2%
top 58.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung Wearable DevicesSamsung Wear OS
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/wear_os< 3.0
CVEListV5samsung_mobile/samsung_wearable_devicesWear OS 3.0Firmware update Feb-2022 Release

🔴Vulnerability Details

2
GHSA
GHSA-wrf8-w7q7-mfr4: An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 32022-02-12
CVEList
CVE-2022-23994: An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 32022-02-11
CVE-2022-23994 (LOW CVSS 3.3) | An Improper access control vulnerab | cvebase.io