CVE-2024-32670

Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting.

CVSS

No CVSS.

References

Link	Resource
https://securityreport.samsung.com
https://securityreport.samsung.com

Configurations

No configuration.

History

21 Nov 2024, 09:15

Type	Values Removed	Values Added
References	~~() https://securityreport.samsung.com -~~	() https://securityreport.samsung.com -

11 Jul 2024, 13:05

Type	Values Removed	Values Added
Summary		(es) La exposición de información confidencial a un actor no autorizado en Samsung Galaxy SmartTag2 anterior a 0.20.04 permite a los ataques identificar potencialmente la ubicación de la etiqueta al escanear la publicidad BLE.

10 Jul 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-10 01:15

Updated : 2024-11-21 09:15

NVD link : CVE-2024-32670

Mitre link : CVE-2024-32670

CVE.ORG link : CVE-2024-32670

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-32670", "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@samsung.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.0, "automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-10T01:15:09.893", "references": [{"url": "https://securityreport.samsung.com", "source": "PSIRT@samsung.com"}, {"url": "https://securityreport.samsung.com", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "PSIRT@samsung.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting."}, {"lang": "es", "value": "La exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Samsung Galaxy SmartTag2 anterior a 0.20.04 permite a los ataques identificar potencialmente la ubicaci\u00f3n de la etiqueta al escanear la publicidad BLE."}], "lastModified": "2024-11-21T09:15:26.347", "sourceIdentifier": "PSIRT@samsung.com"}