var-202201-1691
Vulnerability from variot

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. Android Exists in a vulnerability in externally accessible files or directories.Information may be obtained. Samsung BluetoothSettingsProvider is the Bluetooth function of Samsung mobile devices.

There is an information disclosure vulnerability in Samsung BluetoothSettingsProvider. The vulnerability is caused by sensitive data being stored in the unprotected BluetoothSettingsProvider. An attacker can use this vulnerability to obtain the local Bluetooth MAC address

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202201-1691",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "11.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "10.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "9.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "android",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "mobile devices p",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "mobile devices q",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "mobile devices r",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "cve": "CVE-2022-22269",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-22269",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2023-95327",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-22269",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "mobile.security@samsung.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.5,
            "id": "CVE-2022-22269",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-22269",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22269",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "mobile.security@samsung.com",
            "id": "CVE-2022-22269",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22269",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-95327",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-618",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22269",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. Android Exists in a vulnerability in externally accessible files or directories.Information may be obtained. Samsung BluetoothSettingsProvider is the Bluetooth function of Samsung mobile devices. \n\r\n\r\nThere is an information disclosure vulnerability in Samsung BluetoothSettingsProvider. The vulnerability is caused by sensitive data being stored in the unprotected BluetoothSettingsProvider. An attacker can use this vulnerability to obtain the local Bluetooth MAC address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22269"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22269",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22269",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "id": "VAR-202201-1691",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:40:36.966000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "top page",
        "trust": 0.8,
        "url": "https://www.android.com/"
      },
      {
        "title": "Patch for Samsung BluetoothSettingsProvider information leakage vulnerability (Bluetooth MAC)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/355486"
      },
      {
        "title": "Samsung SMR Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178085"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-552",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-285",
        "trust": 1.0
      },
      {
        "problemtype": "Externally accessible file or directory (CWE-552) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://security.samsungmobile.com/securityupdate.smsb?year=2022\u0026month=1"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22269"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/552.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22269"
      },
      {
        "date": "2023-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      },
      {
        "date": "2022-01-10T14:12:40.230000",
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-95327"
      },
      {
        "date": "2022-01-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22269"
      },
      {
        "date": "2023-01-31T05:26:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      },
      {
        "date": "2024-11-21T06:46:31.640000",
        "db": "NVD",
        "id": "CVE-2022-22269"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android\u00a0 Vulnerability in externally accessible files or directories in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002957"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-618"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.