Summaryinfo

A vulnerability classified as critical was found in Samsung Knox VPN. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2022-33725. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Detailsinfo

A vulnerability classified as problematic has been found in Samsung Knox VPN (Network Encryption Software) (version now known). Affected is some unknown processing. The manipulation with an unknown input leads to a code injection vulnerability. CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality. CVE summarizes:

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.

The weakness was disclosed 08/05/2022. The advisory is available at security.samsungmobile.com. This vulnerability is traded as CVE-2022-33725 since 06/15/2022. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1059 by the MITRE ATT&CK project.

Upgrading eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Network Encryption Software

Vendor

• Samsung

Name

• Knox VPN

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion