CVE-2022-23998

EPSS 0.18%
Published 11.02.2022 18:15:12
Last modified 21.11.2024 06:49:37
Source mobile.security@samsung.com
Teams watchlist Login
Open Login

Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Camera Version < 11.1.02.16

Google ≫ Android Version11.0

Samsung ≫ Camera Version < 10.5.03.77

Google ≫ Android Version10.0

Samsung ≫ Camera Version < 9.0.6.68

Google ≫ Android Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.369

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
mobile.security@samsung.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-23998

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23998

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23998

EUVD