Improper Authentication in Samsung Mobile Firmware - CVE-2024-20803

 


Published: January 8, 2024


Vulnerability identifier: #VU85081
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-20803
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Samsung
Affected software:
Samsung Mobile Firmware

Detailed vulnerability description

The vulnerability allows an attacker to bypass the authentication process.

The vulnerability exists due to an error in the Bluetooth pairing process. An attacker with physical proximity to the device can establish pairing without user interaction.


How to mitigate CVE-2024-20803

Install updates from the vendor's website.
