CVE-2023-42571

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 0.9 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:find_my_mobile:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:22

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.8~~	v2 : unknown v3 : 7.6
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 - Vendor Advisory

11 Dec 2023, 14:50

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8
CPE		cpe:2.3:a:samsung:find_my_mobile::::::::
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12 - Vendor Advisory
First Time		Samsung Samsung find My Mobile
CWE		NVD-CWE-noinfo

05 Dec 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-05 03:15

Updated : 2024-11-21 08:22

NVD link : CVE-2023-42571

Mitre link : CVE-2023-42571

CVE.ORG link : CVE-2023-42571

JSON object : View

Products Affected

samsung

find_my_mobile

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-42571", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2023-12-05T03:15:17.573", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device."}, {"lang": "es", "value": "El abuso del desbloqueo remoto en Find My Mobile anterior a la versi\u00f3n 7.3.13.4 permite a un atacante f\u00edsico desbloquear el dispositivo de forma remota restableciendo la contrase\u00f1a de la cuenta Samsung con verificaci\u00f3n por SMS cuando el usuario pierde el dispositivo."}], "lastModified": "2024-11-21T08:22:48.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:find_my_mobile:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4185038B-DDD2-47F6-9C44-9CC2EF57615A", "versionEndExcluding": "7.3.13.4"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}