CVE-2023-30704Improper Authorization in Samsung Internet

CWE-285Improper Authorization3 documents3 sources
Severity
4.6MEDIUMNVD
CNA3.8
EPSS
0.1%
top 79.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Internet
Timeline
PublishedAug 10

Description

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages1 packages

NVDsamsung/internet< 22.0.0.35

🔴Vulnerability Details

2
GHSA
GHSA-2cww-3vfj-9m4c: Improper Authorization vulnerability in Samsung Internet prior to version 222023-08-10
CVEList
CVE-2023-30704: Improper Authorization vulnerability in Samsung Internet prior to version 222023-08-10
CVE-2023-30704 — Improper Authorization in Samsung | cvebase