CVE-2022-36856 — Improper Access Control in Mobile Devices

CWE-284 — Improper Access Control CWE-862 — Missing Authorization3 documents3 sources

Severity

3.3LOWNVD

CNA4.0

EPSS

0.0%

top 87.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedSep 9

Latest updateSep 10

Description

Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesS(12) — SMR Sep-2022 Release 1

▶NVDgoogle/android12.0

🔴Vulnerability Details

GHSA

GHSA-v427-m4xv-r7xq: Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined pe↗2022-09-10

▶

CVEList

CVE-2022-36856: Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined pe↗2022-09-09

▶