Main Vulnerability Database Vulnerabilities #VU34503

#VU34503 Input validation error in Google Android - CVE-2018-21078

Published: April 8, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34503

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-21078

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018).

Remediation

Install update from vendor's website.

External links

https://security.samsungmobile.com/securityUpdate.smsb

#VU34503 Input validation error in Google Android - CVE-2018-21078

Description

Remediation

External links

Please verify you're human