CVE-2023-21452 — Improper Authorization in Mobile Devices

CWE-285 — Improper Authorization3 documents3 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 80.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Samsung Android

Timeline

PublishedMar 16

Description

Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesAndroid 11, 12, 13 — SMR Mar-2023 Release 1

▶NVDsamsung/android11.0, 12.0, 13.0+2

🔴Vulnerability Details

GHSA

GHSA-4g7q-85r5-pm7w: Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device↗2023-03-16

▶

CVEList

CVE-2023-21452: Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device↗2023-03-16

▶