CVE-2023-21419 — Improper Authentication in Mobile Devices

CWE-287 — Improper Authentication CWE-770 — Allocation of Resources Without Limits or Throttling4 documents4 sources

Severity

7.5HIGHNVD

CNA4.3

EPSS

0.1%

top 69.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedFeb 9

Latest updateOct 17

Description

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesS(12) — SMR Jan-2023 Release 1

▶NVDgoogle/android12.0

🔴Vulnerability Details

CVEList

CVE-2023-21419: An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain con↗2023-02-09

▶

GHSA

GHSA-4c7c-mfjc-jhf3: An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain con↗2023-02-09

▶

📋Vendor Advisories

Red Hat

python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds↗2023-10-17

▶