CVE-2022-39901
published 2022-12-08CVE-2022-39901: Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and…
PriorityP431medium6.5CVSS 3.1
AVAACLPRNUINSUCHINAN
EPSS
0.24%
15.1th percentile
Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung_mobile | samsung_mobile_devices | >= Exynos baseband < SMR Dec-2022 Release 1 | SMR Dec-2022 Release 1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2022-39901: In TBD of TBD, there is a possible downgrade attack against cryptography in a 5G NSA network due to a logic error in the code
osv·2023-06-01
CVE-2022-39901 CVE-2022-39901: In TBD of TBD, there is a possible downgrade attack against cryptography in a 5G NSA network due to a logic error in the code
In TBD of TBD, there is a possible downgrade attack against cryptography in a 5G NSA network due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
GHSA
GHSA-cgvm-v5x3-2hm9: Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE
ghsa_unreviewed·2022-12-08
CVE-2022-39901 [MEDIUM] CWE-287 GHSA-cgvm-v5x3-2hm9: Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE
Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-08
Published