CVE-2022-1230

This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918.

CVSS v3 3.9 LOW

3.9^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.3 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-621/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:galaxy_s21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s21:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-03-28 19:15

Updated : 2024-02-28 20:13

NVD link : CVE-2022-1230

Mitre link : CVE-2022-1230

CVE.ORG link : CVE-2022-1230

JSON object : View

Products Affected

samsung

galaxy_s21_firmware
galaxy_s21

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2022-1230", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.3}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.3}]}, "published": "2023-03-28T19:15:10.120", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb", "tags": ["Vendor Advisory"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-621/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}, {"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918."}], "lastModified": "2023-04-04T16:20:45.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s21_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC9A71BB-62F0-4A9A-ADEE-7EE96301BDFD", "versionEndExcluding": "4.5.40.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s21:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2553EBA1-B9F8-43EE-9745-91D085791118"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}