Main Vulnerability Database Vulnerabilities #VU68334

Incorrect authorization in Samsung Internet - CVE-2022-39873

Published: October 14, 2022

Vulnerability identifier: #VU68334

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-39873

CWE-ID: CWE-863

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Samsung Internet

Software vendor:
Samsung

Description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to unprotected receiver in AtBroadcastReceiver. An attacker with physical access can add bookmarks in secret mode without user authentication.

Remediation

Install updates from vendor's website.

External links

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Incorrect authorization in Samsung Internet - CVE-2022-39873

Description

Remediation

External links

Please verify you're human