5.3

CVE-2023-49927

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.

Data is provided by the National Vulnerability Database (NVD)
SamsungExynos 9820 Firmware Version-
   SamsungExynos 9820 Version-
SamsungExynos 9825 Firmware Version-
   SamsungExynos 9825 Version-
SamsungExynos 980 Firmware Version-
   SamsungExynos 980 Version-
SamsungExynos 990 Firmware Version-
   SamsungExynos 990 Version-
SamsungExynos 850 Firmware Version-
   SamsungExynos 850 Version-
SamsungExynos 1080 Firmware Version-
   SamsungExynos 1080 Version-
SamsungExynos 2100 Firmware Version-
   SamsungExynos 2100 Version-
SamsungExynos 2200 Firmware Version-
   SamsungExynos 2200 Version-
SamsungExynos 1280 Firmware Version-
   SamsungExynos 1280 Version-
SamsungExynos 1380 Firmware Version-
   SamsungExynos 1380 Version-
SamsungExynos 1330 Firmware Version-
   SamsungExynos 1330 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.242
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cve@mitre.org 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.