7.1

CVE-2021-25337

Warnung

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SamsungAndroid Version9.0 Updatesmr-apr-2019-r1
SamsungAndroid Version9.0 Updatesmr-apr-2020-r1
SamsungAndroid Version9.0 Updatesmr-aug-2019-r1
SamsungAndroid Version9.0 Updatesmr-aug-2020-r1
SamsungAndroid Version9.0 Updatesmr-dec-2018-r1
SamsungAndroid Version9.0 Updatesmr-dec-2019-r1
SamsungAndroid Version9.0 Updatesmr-dec-2020-r1
SamsungAndroid Version9.0 Updatesmr-feb-2019-r1
SamsungAndroid Version9.0 Updatesmr-feb-2020-r1
SamsungAndroid Version9.0 Updatesmr-feb-2021-r1
SamsungAndroid Version9.0 Updatesmr-jan-2019-r1
SamsungAndroid Version9.0 Updatesmr-jan-2020-r1
SamsungAndroid Version9.0 Updatesmr-jan-2021-r1
SamsungAndroid Version9.0 Updatesmr-jul-2019-r1
SamsungAndroid Version9.0 Updatesmr-jul-2020-r1
SamsungAndroid Version9.0 Updatesmr-jun-2019-r1
SamsungAndroid Version9.0 Updatesmr-jun-2020-r1
SamsungAndroid Version9.0 Updatesmr-mar-2019-r1
SamsungAndroid Version9.0 Updatesmr-mar-2020-r1
SamsungAndroid Version9.0 Updatesmr-may-2019-r1
SamsungAndroid Version9.0 Updatesmr-may-2020-r1
SamsungAndroid Version9.0 Updatesmr-nov-2018-r1
SamsungAndroid Version9.0 Updatesmr-nov-2019-r1
SamsungAndroid Version9.0 Updatesmr-nov-2020-r1
SamsungAndroid Version9.0 Updatesmr-oct-2018-r1
SamsungAndroid Version9.0 Updatesmr-oct-2019-r1
SamsungAndroid Version9.0 Updatesmr-oct-2020-r1
SamsungAndroid Version9.0 Updatesmr-sep-2019-r1
SamsungAndroid Version9.0 Updatesmr-sep-2020-r1
SamsungAndroid Version10.0 Updatesmr-apr-2020-r1
SamsungAndroid Version10.0 Updatesmr-aug-2020-r1
SamsungAndroid Version10.0 Updatesmr-dec-2019-r1
SamsungAndroid Version10.0 Updatesmr-dec-2020-r1
SamsungAndroid Version10.0 Updatesmr-feb-2020-r1
SamsungAndroid Version10.0 Updatesmr-feb-2021-r1
SamsungAndroid Version10.0 Updatesmr-jan-2020-r1
SamsungAndroid Version10.0 Updatesmr-jan-2021-r1
SamsungAndroid Version10.0 Updatesmr-jul-2020-r1
SamsungAndroid Version10.0 Updatesmr-jun-2020-r1
SamsungAndroid Version10.0 Updatesmr-mar-2020-r1
SamsungAndroid Version10.0 Updatesmr-may-2020-r1
SamsungAndroid Version10.0 Updatesmr-nov-2019-r1
SamsungAndroid Version10.0 Updatesmr-nov-2020-r1
SamsungAndroid Version10.0 Updatesmr-oct-2020-r1
SamsungAndroid Version10.0 Updatesmr-sep-2020-r1
SamsungAndroid Version11.0 Updatesmr-dec-2020-r1
SamsungAndroid Version11.0 Updatesmr-feb-2021-r1
SamsungAndroid Version11.0 Updatesmr-jan-2021-r1

08.11.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Samsung Mobile Devices Improper Access Control Vulnerability

Schwachstelle

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.599
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
mobile.security@samsung.com 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.