Main Vulnerability Database Vulnerabilities #VU69231

Improper access control in Samsung Mobile Firmware - CVE-2021-25369

Published: November 10, 2022

Vulnerability identifier: #VU69231

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2021-25369

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Samsung Mobile Firmware

Software vendor:
Samsung

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions to the sec_log file. A local application can read the log file and obtain sensitive system information.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html

Improper access control in Samsung Mobile Firmware - CVE-2021-25369

Description

Remediation

External links

Please verify you're human