CVE-2022-23995Improper Access Control in Samsung Wear OS

CWE-284Improper Access ControlCWE-276Incorrect Default Permissions3 documents3 sources
Severity
3.3LOWNVD
CNA4.0
EPSS
0.2%
top 59.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung Wearable DevicesSamsung Wear OS
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/wear_os< 3.0
CVEListV5samsung_mobile/samsung_wearable_devicesWear OS 3.0Firmware update Feb-2022 Release

🔴Vulnerability Details

2
GHSA
GHSA-7mpc-29w7-wf38: Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 32022-02-12
CVEList
CVE-2022-23995: Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 32022-02-11
CVE-2022-23995 — Improper Access Control in Samsung | cvebase