CVE-2022-28790

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.

CVSS v3 3.3 LOW
CVSS v2.0 2.1 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:link_to_windows_service:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-05-03 20:15

Updated : 2022-05-11 18:25

NVD link : CVE-2022-28790

Mitre link : CVE-2022-28790

CVE.ORG link : CVE-2022-28790

JSON object : View

Products Affected

samsung

link_to_windows_service

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-28790", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.5}]}, "published": "2022-05-03T20:15:09.630", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic."}, {"lang": "es", "value": "Una autenticaci\u00f3n inapropiada en Link to Windows Service versiones anteriores a 2.3.04.1, permite al atacante bloquear el dispositivo. El parche a\u00f1ade una l\u00f3gica apropiada de comprobaci\u00f3n de la firma de la persona que llama"}], "lastModified": "2022-05-11T18:25:24.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:link_to_windows_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A53084-E54C-4DAE-9924-1F3F60E12C96", "versionEndExcluding": "2.3.04.1"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}