2022-11-14 09:00:31 +00:00
{
"CVE_data_meta" : {
2023-02-09 19:00:45 +00:00
"ASSIGNER" : "mobile.security@samsung.com" ,
2022-11-14 09:00:31 +00:00
"ID" : "CVE-2023-21441" ,
2023-02-09 19:00:45 +00:00
"STATE" : "PUBLIC"
2022-11-14 09:00:31 +00:00
} ,
2023-02-09 19:00:45 +00:00
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Routine" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_name" : "" ,
"version_value" : "2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12)"
}
]
}
}
]
} ,
"vendor_name" : "Samsung Mobile"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
2022-11-14 09:00:31 +00:00
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2023-02-09 19:00:45 +00:00
"value" : "Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code."
2022-11-14 09:00:31 +00:00
}
]
2023-02-09 19:00:45 +00:00
} ,
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH" ,
"attackVector" : "LOCAL" ,
"availabilityImpact" : "NONE" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"scope" : "CHANGED" ,
"userInteraction" : "REQUIRED" ,
"vectorString" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" ,
"version" : "3.1"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "MISC" ,
"url" : "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" ,
"name" : "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02"
}
]
} ,
"source" : {
"discovery" : "UNKNOWN"
2022-11-14 09:00:31 +00:00
}
}
