CVE-2022-33707Small Space of Random Values in Mobile Findmymobile

CWE-334Small Space of Random ValuesCWE-330Use of Insufficiently Random Values3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 48.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile FindmymobileSamsung Find MY Mobile
Timeline
PublishedJul 12
Latest updateJul 13

Description

Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/find_my_mobile< 7.2.24.12
CVEListV5samsung_mobile/findmymobileunspecified7.2.24.12

🔴Vulnerability Details

2
GHSA
GHSA-wgmq-9f68-5pjw: Improper identifier creation logic in Find My Mobile prior to version 72022-07-13
CVEList
CVE-2022-33707: Improper identifier creation logic in Find My Mobile prior to version 72022-07-11
CVE-2022-33707 — Small Space of Random Values | cvebase