9.8
CVE-2019-16256
- EPSS 61.19%
- Veröffentlicht 12.09.2019 13:15:10
- Zuletzt bearbeitet 12.11.2025 17:52:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSome Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trustedconnectivityalliance ≫ S@t Browser Version-
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
SIMalliance Toolbox Browser Command Injection Vulnerability
SchwachstelleSIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 61.19% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|