7.1

CVE-2021-25337

Warning

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

Data is provided by the National Vulnerability Database (NVD)
Samsung Android Version 9.0 Update smr-apr-2019-r1
Samsung Android Version 9.0 Update smr-apr-2020-r1
Samsung Android Version 9.0 Update smr-aug-2019-r1
Samsung Android Version 9.0 Update smr-aug-2020-r1
Samsung Android Version 9.0 Update smr-dec-2018-r1
Samsung Android Version 9.0 Update smr-dec-2019-r1
Samsung Android Version 9.0 Update smr-dec-2020-r1
Samsung Android Version 9.0 Update smr-feb-2019-r1
Samsung Android Version 9.0 Update smr-feb-2020-r1
Samsung Android Version 9.0 Update smr-feb-2021-r1
Samsung Android Version 9.0 Update smr-jan-2019-r1
Samsung Android Version 9.0 Update smr-jan-2020-r1
Samsung Android Version 9.0 Update smr-jan-2021-r1
Samsung Android Version 9.0 Update smr-jul-2019-r1
Samsung Android Version 9.0 Update smr-jul-2020-r1
Samsung Android Version 9.0 Update smr-jun-2019-r1
Samsung Android Version 9.0 Update smr-jun-2020-r1
Samsung Android Version 9.0 Update smr-mar-2019-r1
Samsung Android Version 9.0 Update smr-mar-2020-r1
Samsung Android Version 9.0 Update smr-may-2019-r1
Samsung Android Version 9.0 Update smr-may-2020-r1
Samsung Android Version 9.0 Update smr-nov-2018-r1
Samsung Android Version 9.0 Update smr-nov-2019-r1
Samsung Android Version 9.0 Update smr-nov-2020-r1
Samsung Android Version 9.0 Update smr-oct-2018-r1
Samsung Android Version 9.0 Update smr-oct-2019-r1
Samsung Android Version 9.0 Update smr-oct-2020-r1
Samsung Android Version 9.0 Update smr-sep-2019-r1
Samsung Android Version 9.0 Update smr-sep-2020-r1
Samsung Android Version 10.0 Update smr-apr-2020-r1
Samsung Android Version 10.0 Update smr-aug-2020-r1
Samsung Android Version 10.0 Update smr-dec-2019-r1
Samsung Android Version 10.0 Update smr-dec-2020-r1
Samsung Android Version 10.0 Update smr-feb-2020-r1
Samsung Android Version 10.0 Update smr-feb-2021-r1
Samsung Android Version 10.0 Update smr-jan-2020-r1
Samsung Android Version 10.0 Update smr-jan-2021-r1
Samsung Android Version 10.0 Update smr-jul-2020-r1
Samsung Android Version 10.0 Update smr-jun-2020-r1
Samsung Android Version 10.0 Update smr-mar-2020-r1
Samsung Android Version 10.0 Update smr-may-2020-r1
Samsung Android Version 10.0 Update smr-nov-2019-r1
Samsung Android Version 10.0 Update smr-nov-2020-r1
Samsung Android Version 10.0 Update smr-oct-2020-r1
Samsung Android Version 10.0 Update smr-sep-2020-r1
Samsung Android Version 11.0 Update smr-dec-2020-r1
Samsung Android Version 11.0 Update smr-feb-2021-r1
Samsung Android Version 11.0 Update smr-jan-2021-r1

08.11.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Samsung Mobile Devices Improper Access Control Vulnerability

Description: Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.

Required actions: Apply updates per vendor instructions.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.4% | 0.599

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.1 | 1.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N
mobile.security@samsung.com | 4.4 | 1.8 | 2.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.