Main Vulnerability Database Vulnerabilities #VU37353

Input validation error in Samsung Mobile - CVE-2018-9142

Published: March 30, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37353

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-9142

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Samsung

Affected software:
Samsung Mobile

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

How to mitigate CVE-2018-9142

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Input validation error in Samsung Mobile - CVE-2018-9142

Detailed vulnerability description

How to mitigate CVE-2018-9142

Sources

Please verify you're human