CVE-2019-12087

Опубликовано: 14 мая 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact.

Ссылки

https://github.com/fs0c131y/SamsungLocker
Exploit
Third Party Advisory
https://github.com/fs0c131y/SamsungLocker
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:samsung:s9\+_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:s9\+:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:samsung:s10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:s10:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:samsung:xcover_4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:xcover_4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

GHSA-4w8c-88r4-pgpj

CVSS3: 5.5

github

больше 3 лет назад

** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact."

EPSS

Процентиль: 15%

0.00049

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-399