CVE-2024-20890 β€” Improper Authentication in Samsung Android

CWE-287 β€” Improper Authentication3 documents3 sources
Severity
8.8HIGHNVD
CNA5.3
EPSS
0.1%
top 81.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Android
Timeline
PublishedJul 2

Description

Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDsamsung/android12.0, 13.0, 14.0+2

πŸ”΄Vulnerability Details

2
CVEList
CVE-2024-20890: Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior↗2024-07-02
β–Ά
GHSA
GHSA-494v-93jg-xf9g: Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior↗2024-07-02
β–Ά
CVE-2024-20890 β€” Improper Authentication in Samsung | cvebase