Samsung Camera Intent improper authorization

Summaryinfo

A vulnerability was found in Samsung Camera and classified as critical. Impacted is an unknown function of the component Intent Handler. Such manipulation leads to improper authorization. This vulnerability is listed as CVE-2022-33712. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Samsung Camera and classified as problematic. Affected by this issue is an unknown code of the component Intent Handler. The manipulation with an unknown input leads to a improper authorization vulnerability. Using CWE to declare the problem leads to CWE-285. The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. Impacted is confidentiality. CVE summarizes:

Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information.

The weakness was presented 07/12/2022. The advisory is shared for download at security.samsungmobile.com. This vulnerability is handled as CVE-2022-33712 since 06/15/2022. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1548.002.

Upgrading to version 12.0.0.98, 12.0.01.64, 12.0.3.19, 12.0.3.23 or 12.0.6.11 eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• Samsung

Name

• Camera

License

• commercial

Website

• Vendor: https://www.samsung.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion