Summaryinfo

A vulnerability was found in Samsung Account. It has been rated as critical. Affected by this issue is some unknown functionality of the component Contact/Gallery. Performing a manipulation results in privileges management. This vulnerability is identified as CVE-2022-30743. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability classified as critical has been found in Samsung Account. This affects an unknown function of the component Contact/Gallery. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was released 06/08/2022. It is possible to read the advisory at security.samsungmobile.com. This vulnerability is uniquely identified as CVE-2022-30743 since 05/16/2022. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

Upgrading to version 13.2.00.6 eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• Samsung

Name

• Account

Version

• 1.5.24
• 1.6.0069
• 2.1
• 2.1.0069
• 10.7.0.7
• 10.8.0.4
• 12.1.1.3
• 13.1.0.1

License

• commercial

Website

• Vendor: https://www.samsung.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion