CVE-2022-25826

Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log

CVSS v3 1.9 LOW
CVSS v2.0 2.1 LOW

1.9^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:galaxy_watch_3_plugin:*:*:*:*:*:android:*:*

History

21 Nov 2024, 06:53

Type	Values Removed	Values Added
CVSS	v2 : ~~2.1~~ v3 : ~~3.3~~	v2 : 2.1 v3 : 1.9
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3 - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3 - Vendor Advisory

10 Jul 2023, 19:43

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-532

Information

Published : 2022-03-10 17:47

Updated : 2024-11-21 06:53

NVD link : CVE-2022-25826

Mitre link : CVE-2022-25826

CVE.ORG link : CVE-2022-25826

JSON object : View

Products Affected

samsung

galaxy_watch_3_plugin

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2022-25826", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-03-10T17:47:24.277", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log"}, {"lang": "es", "value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Galaxy S3 Plugin versiones anteriores a 2.2.03.22012751, permite a un atacante acceder a informaci\u00f3n de la contrase\u00f1a de un WiFiAp conectado en el registro"}], "lastModified": "2024-11-21T06:53:04.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:galaxy_watch_3_plugin:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "530E3996-BF4F-4DAE-AC16-BD23AB73F28F", "versionEndExcluding": "2.2.03.22012751"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}