CVE-2023-30677 — Improper Access Control in Samsung Pass

CWE-284 — Improper Access Control3 documents3 sources

Severity

4.6MEDIUMNVD

CNA6.1

EPSS

0.1%

top 72.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Pass

Timeline

PublishedJul 6

Description

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages1 packages

▶NVDsamsung/pass< 4.2.03.1

🔴Vulnerability Details

GHSA

GHSA-36wc-2jgf-p9gp: Improper access control vulnerability in Samsung Pass prior to version 4↗2023-07-06

▶

CVEList

CVE-2023-30677: Improper access control vulnerability in Samsung Pass prior to version 4↗2023-07-06

▶