CVE-2023-21441Insufficient Verification of Data Authenticity in Mobile Routine

CWE-345Insufficient Verification of Data Authenticity3 documents3 sources
Severity
5.5MEDIUMNVD
CNA7.4
EPSS
0.0%
top 92.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile RoutineSamsung Android
Timeline
PublishedFeb 9

Description

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/android10.0, 11.0, 12.0+2
CVEListV5samsung_mobile/routineunspecified2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12)

🔴Vulnerability Details

2
GHSA
GHSA-ffqj-6rqc-8hr7: Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 22023-02-09
CVEList
CVE-2023-21441: Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 22023-02-09
CVE-2023-21441 — Samsung Mobile Routine vulnerability | cvebase