CVE-2022-33731 — Improper Access Control in Mobile Devices

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.1HIGHNVD

CNA5.1

EPSS

0.0%

top 96.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedAug 5

Latest updateAug 6

Description

Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesR(11), S(12) — SMR Aug-2022 Release 1

▶NVDgoogle/android11.0, 12.0+1

🔴Vulnerability Details

GHSA

GHSA-w9xc-vg9m-x2ch: Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components↗2022-08-06

▶

CVEList

CVE-2022-33731: Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components↗2022-08-05

▶