CVE-2022-25830

Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log

CVSS v3 1.9 LOW
CVSS v2.0 2.1 LOW

1.9^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:galaxy_watch_3_plugin:*:*:*:*:*:android:*:*

History

21 Nov 2024, 06:53

Type	Values Removed	Values Added
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3 - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3 - Vendor Advisory
CVSS	v2 : ~~2.1~~ v3 : ~~3.3~~	v2 : 2.1 v3 : 1.9

10 Jul 2023, 19:38

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-532

Information

Published : 2022-03-10 17:47

Updated : 2024-11-21 06:53

NVD link : CVE-2022-25830

Mitre link : CVE-2022-25830

CVE.ORG link : CVE-2022-25830

JSON object : View

Products Affected

samsung

galaxy_watch_3_plugin

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2022-25830", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-03-10T17:47:27.220", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log"}, {"lang": "es", "value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Galaxy Watch3 Plugin versiones anteriores a 2.2.09.22012751, que permite a un atacante acceder a la informaci\u00f3n de la contrase\u00f1a del WiFiAp conectado en el registro"}], "lastModified": "2024-11-21T06:53:04.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:galaxy_watch_3_plugin:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "530E3996-BF4F-4DAE-AC16-BD23AB73F28F", "versionEndExcluding": "2.2.03.22012751"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}