CVE-2021-25377

Published: Apr 9, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.

Affected (2)

Products: Samsung: Experience Service

Samsung

1 product

Experience Service

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Experience Service	Up to 10.8.0.4

Running on/with	Platform Versions
Google Android	Version 9.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Experience Service	From 12.2.0.5

Running on/with	Platform Versions
Google Android	Version 10.0

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://security.samsungmobile.com/

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.