CVE-2022-24931 — Improper Privilege Management in Mobile Devices

CWE-269 — Improper Privilege Management CWE-863 — Incorrect Authorization4 documents4 sources

Severity

7.8HIGHNVD

CNA7.9

EPSS

0.0%

top 96.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedMar 10

Latest updateMar 11

Description

Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesQ(10), R(11) — SMR Mar-2022 Release 1

▶NVDgoogle/android10.0, 11.0+1

🔴Vulnerability Details

GHSA

GHSA-5hg7-xm7j-2ff2: Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbit↗2022-03-11

▶

CVEList

CVE-2022-24931: Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbit↗2022-03-08

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)↗2022-02-10

▶