CVE-2018-21039 - An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission

CVE-2018-21039

Summary

An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).

References

https://security.samsungmobile.com/securityUpdate.smsb

Vulnerable Configurations

cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-04-2020 - 19:06)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

confirm

https://security.samsungmobile.com/securityUpdate.smsb

Last major update

09-04-2020 - 19:06

Published

08-04-2020 - 17:15

Last modified

09-04-2020 - 19:06