CVE-2022-39899 — Improper Authentication in Mobile Devices

CWE-287 — Improper Authentication CWE-305 — Authentication Bypass by Primary Weakness CWE-791 — Incomplete Filtering of Special Elements4 documents4 sources

Severity

4.3MEDIUMNVD

CNA5.7

EPSS

0.0%

top 94.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedDec 8

Latest updateJul 10

Description

Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesSelect Q(10), R(11), S(12), T(13) devices — SMR Dec-2022 Release 1

▶NVDgoogle/android4 versions+3

🔴Vulnerability Details

GHSA

PrivateBin allows shortening of URLs for other domains↗2024-07-10

▶

CVEList

CVE-2022-39899: Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S↗2022-12-08

▶

GHSA

GHSA-w3mw-7pp7-5rcf: Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S↗2022-12-08

▶