CVE-2019-6742

EPSS 19.21%
Published 03.06.2019 19:29:02
Last modified 21.11.2024 04:47:02
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Galaxy S9 Firmware Version < 1.4.20.2

Samsung ≫ Galaxy S9 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	19.21%	0.948

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
zdi-disclosures@trendmicro.com	10	3.9	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

https://www.zerodayinitiative.com/advisories/ZDI-19-255/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-6742

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6742

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6742

EUVD