Samsung Charm up to 1.2.2 cancelAlarmManager implicit intent for sensitive communication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.7 | $0-$5k | 0.00 |
A vulnerability, which was classified as problematic, was found in Samsung Charm up to 1.2.2. CWE is classifying the issue as CWE-927. The Android application uses an implicit intent for transmitting sensitive data to other applications. The impact remains unknown. CVE summarizes:
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.
The weakness was released 08/06/2022. The advisory is available at security.samsungmobile.com. This vulnerability is traded as CVE-2022-36830 since 07/27/2022. Technical details are known, but there is no available exploit.
Upgrading to version 1.2.3 eliminates this vulnerability.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv3
VulDB Meta Base Score: 4.7VulDB Meta Temp Score: 4.7
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.2
CNA Vector (Samsung Mobile): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Information disclosureCWE: CWE-927
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Charm 1.2.3
Timeline
07/27/2022 CVE reserved08/06/2022 Advisory disclosed
08/06/2022 VulDB entry created
08/06/2022 VulDB last update
Sources
Vendor: samsung.comAdvisory: security.samsungmobile.com
Status: Confirmed
CVE: CVE-2022-36830 (🔒)
Entry
Created: 08/06/2022 08:21 AMChanges: (19) vulnerability_cvss2_vuldb_basescore vulnerability_cvss2_vuldb_tempscore vulnerability_cvss2_vuldb_av vulnerability_cvss2_vuldb_ac vulnerability_cvss2_vuldb_au vulnerability_cvss2_vuldb_ci vulnerability_cvss2_vuldb_ii vulnerability_cvss2_vuldb_ai vulnerability_cvss2_vuldb_e vulnerability_cvss2_vuldb_rl vulnerability_cvss2_vuldb_rc vulnerability_cvss3_meta_basescore vulnerability_cvss3_meta_tempscore vulnerability_cvss3_vuldb_basescore vulnerability_cvss3_vuldb_tempscore vulnerability_cvss3_vuldb_e advisory_date exploit_price_0day vulnerability_cvss3_cna_basescore
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.