cnvd - cnvd-2022-87954

cnvd-2022-87954

Vulnerability from cnvd

Title

SAMSUNG Mobile devices ProfileSharingAccount访问控制错误漏洞

Description

SAMSUNG Mobile devices是韩国三星（SAMSUNG）公司的一系列的三星移动设备，包括手机、平板等。 SAMSUNG Mobile devices Android S(12) 13.0.6.15之前版本、Android R(11) 13.0.6.14存在访问控制错误漏洞，该漏洞源于群组共享中ProfileSharingAccount存在访问控制不当。攻击者可利用该漏洞识别设备。

Severity

中

Patch Name

SAMSUNG Mobile devices ProfileSharingAccount访问控制错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Reference

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Impacted products

Name
['Samsung Samsung mobile devices android S(12) 13.0.6.15', 'Samsung Samsung mobile devices Android R(11) 13.0.6.14']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-39877",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-39877"
    }
  },
  "description": "SAMSUNG Mobile devices\u662f\u97e9\u56fd\u4e09\u661f\uff08SAMSUNG\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u7684\u4e09\u661f\u79fb\u52a8\u8bbe\u5907\uff0c\u5305\u62ec\u624b\u673a\u3001\u5e73\u677f\u7b49\u3002\n\nSAMSUNG Mobile devices Android S(12) 13.0.6.15\u4e4b\u524d\u7248\u672c\u3001Android R(11) 13.0.6.14\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7fa4\u7ec4\u5171\u4eab\u4e2dProfileSharingAccount\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bc6\u522b\u8bbe\u5907\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-87954",
  "openTime": "2022-12-15",
  "patchDescription": "SAMSUNG Mobile devices\u662f\u97e9\u56fd\u4e09\u661f\uff08SAMSUNG\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u7684\u4e09\u661f\u79fb\u52a8\u8bbe\u5907\uff0c\u5305\u62ec\u624b\u673a\u3001\u5e73\u677f\u7b49\u3002\r\n\r\nSAMSUNG Mobile devices Android S(12) 13.0.6.15\u4e4b\u524d\u7248\u672c\u3001Android R(11) 13.0.6.14\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7fa4\u7ec4\u5171\u4eab\u4e2dProfileSharingAccount\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bc6\u522b\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAMSUNG Mobile devices ProfileSharingAccount\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Samsung Samsung mobile devices android S(12) 13.0.6.15",
      "Samsung Samsung mobile devices Android R(11) 13.0.6.14"
    ]
  },
  "referenceLink": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
  "serverity": "\u4e2d",
  "submitTime": "2022-10-10",
  "title": "SAMSUNG Mobile devices ProfileSharingAccount\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2022-39877 (GCVE-0-2022-39877)

Vulnerability from cvelistv5

Published

2022-10-07 00:00

Modified

2025-05-20 14:49

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-284 - Improper Access Control

Summary

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

References

URL

Tags