6.5

CVE-2023-42579

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

Data is provided by the National Vulnerability Database (NVD)
SamsungSamsung Keyboard Version < 5.3.70.1
   GoogleAndroid Version11.0
SamsungSamsung Keyboard Version >= 5.4.60.0 < 5.4.60.49
   GoogleAndroid Version11.0
SamsungSamsung Keyboard Version >= 5.4.85.0 < 5.4.85.5
   GoogleAndroid Version11.0
SamsungSamsung Keyboard Version >= 5.5.00.0 < 5.5.00.58
   GoogleAndroid Version11.0
SamsungSamsung Keyboard Version < 5.3.70.1
   GoogleAndroid Version12.0
SamsungSamsung Keyboard Version >= 5.6.00.0 < 5.6.00.52
   GoogleAndroid Version12.0
SamsungSamsung Keyboard Version >= 5.6.10.0 < 5.6.10.42
   GoogleAndroid Version12.0
SamsungSamsung Keyboard Version >= 5.7.00.0 < 5.7.00.45
   GoogleAndroid Version12.0
SamsungSamsung Keyboard Version < 5.3.70.1
   GoogleAndroid Version13.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.192
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
mobile.security@samsung.com 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.