CVE-2022-23997

CWE-284Improper Access Control3 documents3 sources
Severity
3.3LOW
EPSS
0.2%
top 59.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung Wearable DevicesSamsung Wear OS
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/wear_os< 3.0
CVEListV5samsung_mobile/samsung_wearable_devicesWear OS 3.0Firmware update Feb-2022 Release

🔴Vulnerability Details

2
GHSA
GHSA-gv9g-pxv2-vq9v: Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 32022-02-12
CVEList
CVE-2022-23997: Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 32022-02-11