2023-12-05 05:00:22 +00:00
{
"id" : "CVE-2023-42579" ,
"sourceIdentifier" : "mobile.security@samsung.com" ,
"published" : "2023-12-05T03:15:18.967" ,
2023-12-12 23:00:22 +00:00
"lastModified" : "2023-12-12T21:22:00.157" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-12-05 05:00:22 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack."
2023-12-05 15:01:07 +00:00
} ,
{
"lang" : "es" ,
"value" : "Uso inadecuado de un protocolo inseguro (es decir, HTTP) en SogouSDK of Chinese Samsung Keyboard anterior a las versiones 5.3.70.1 en Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 en Android 12 y 5.6.00.52, 5.6.10.42, 5.7 .00.45 en Android 13 permite a atacantes adyacentes acceder a datos de pulsaciones de teclas mediante el ataque Man-in-the-Middle."
2023-12-05 05:00:22 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-12-12 23:00:22 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" ,
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 1.6 ,
"impactScore" : 3.6
} ,
2023-12-05 05:00:22 +00:00
{
"source" : "mobile.security@samsung.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" ,
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
]
} ,
2023-12-12 23:00:22 +00:00
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-319"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
2024-05-19 02:03:31 +00:00
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
} ,
2023-12-12 23:00:22 +00:00
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.3.70.1" ,
"matchCriteriaId" : "BF1C9578-2FA5-45E7-84C4-7D00AB0B13C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.4.60.0" ,
"versionEndExcluding" : "5.4.60.49" ,
"matchCriteriaId" : "590537E6-3C33-4A36-B2DA-D15DD9577EDE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.4.85.0" ,
"versionEndExcluding" : "5.4.85.5" ,
"matchCriteriaId" : "6BAA17C0-045C-4864-BF1E-05234B8CC3EE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5.00.0" ,
"versionEndExcluding" : "5.5.00.58" ,
"matchCriteriaId" : "54AE42D4-0B71-4E83-89E9-CD42D7FA381C"
}
]
2024-05-19 02:03:31 +00:00
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
2023-12-12 23:00:22 +00:00
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
2024-05-19 02:03:31 +00:00
"criteria" : "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
2023-12-12 23:00:22 +00:00
}
]
2024-05-19 02:03:31 +00:00
} ,
2023-12-12 23:00:22 +00:00
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.3.70.1" ,
"matchCriteriaId" : "BF1C9578-2FA5-45E7-84C4-7D00AB0B13C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.6.00.0" ,
"versionEndExcluding" : "5.6.00.52" ,
"matchCriteriaId" : "B5096E6D-1D66-4C9E-BE44-0FBB9F594FBB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.6.10.0" ,
"versionEndExcluding" : "5.6.10.42" ,
"matchCriteriaId" : "6202106E-97BB-4735-828D-28AA1C443408"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.7.00.0" ,
"versionEndExcluding" : "5.7.00.45" ,
"matchCriteriaId" : "1E637BBE-BF99-4464-9C17-F3D1AAF44FA5"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "879FFD0C-9B38-4CAA-B057-1086D794D469"
2023-12-12 23:00:22 +00:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-05-19 02:03:31 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:samsung:samsung_keyboard:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.3.70.1" ,
"matchCriteriaId" : "BF1C9578-2FA5-45E7-84C4-7D00AB0B13C4"
2023-12-12 23:00:22 +00:00
}
]
}
]
}
] ,
2023-12-05 05:00:22 +00:00
"references" : [
{
"url" : "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12" ,
2023-12-12 23:00:22 +00:00
"source" : "mobile.security@samsung.com" ,
"tags" : [
"Vendor Advisory"
]
2023-12-05 05:00:22 +00:00
}
]
}
