Multiple vulnerabilities in Samsung Account



Published: 2023-11-07
Risk: Medium
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2023-42550, CVE-2023-42546, CVE-2023-42547, CVE-2023-42548, CVE-2023-42549, CVE-2023-42551
CWE-ID: CWE-927
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Account (Mobile applications / Apps for mobile phones)

Vendor

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use of Implicit Intent for Sensitive Communication

EUVDB-ID: #VU82844

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42550

CWE-ID: CWE-927 - Use of Implicit Intent for Sensitive Communication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the use of an implicit intent for sensitive communication. A remote attacker can access arbitrary files with Samsung Account privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Account: before 14.5.00.7

External links

http://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of Implicit Intent for Sensitive Communication

EUVDB-ID: #VU82879

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42546

CWE-ID: CWE-927 - Use of Implicit Intent for Sensitive Communication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the use of an implicit intent for sensitive communication. A remote attacker can access arbitrary files with Samsung Account privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Account: before 14.5.00.7

External links

http://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of Implicit Intent for Sensitive Communication

EUVDB-ID: #VU82874

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42547

CWE-ID: CWE-927 - Use of Implicit Intent for Sensitive Communication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the use of an implicit intent for sensitive communication. A remote attacker can access arbitrary files with Samsung Account privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Account: before 14.5.00.7

External links

http://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of Implicit Intent for Sensitive Communication

EUVDB-ID: #VU82872

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42548

CWE-ID: CWE-927 - Use of Implicit Intent for Sensitive Communication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the use of an implicit intent for sensitive communication. A remote attacker can access arbitrary files with Samsung Account privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Account: before 14.5.00.7

External links

http://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of Implicit Intent for Sensitive Communication

EUVDB-ID: #VU82871

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42549

CWE-ID: CWE-927 - Use of Implicit Intent for Sensitive Communication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the use of an implicit intent for sensitive communication. A remote attacker can access arbitrary files with Samsung Account privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Account: before 14.5.00.7

External links

http://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of Implicit Intent for Sensitive Communication

EUVDB-ID: #VU82843

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42551

CWE-ID: CWE-927 - Use of Implicit Intent for Sensitive Communication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the use of an implicit intent for sensitive communication. A remote attacker can access arbitrary files with Samsung Account privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Account: before 14.5.00.7

External links

http://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


