var-202202-1806
Vulnerability from variot

Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. Android There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Exynos is a SoC developed and produced by Samsung Mobile and a processor based on Arm architecture for Samsung mobile devices. Baseband is a circuit in a mobile phone that is responsible for demodulating, descrambling, despreading and decoding wireless signals in mobile networks, and passing the final decoded digital signal to the upper-layer processing system for processing

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1806",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mobile devices q",
        "scope": null,
        "trust": 1.2,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "mobile devices s",
        "scope": null,
        "trust": 1.2,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "12.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "11.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "10.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "android",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "mobile devices r",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "cve": "CVE-2022-23425",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-23425",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-09551",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-23425",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "mobile.security@samsung.com",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-23425",
            "impactScore": 4.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-23425",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-23425",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "mobile.security@samsung.com",
            "id": "CVE-2022-23425",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-23425",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-09551",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202202-1064",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-23425",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. Android There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Exynos is a SoC developed and produced by Samsung Mobile and a processor based on Arm architecture for Samsung mobile devices. Baseband is a circuit in a mobile phone that is responsible for demodulating, descrambling, despreading and decoding wireless signals in mobile networks, and passing the final decoded digital signal to the upper-layer processing system for processing",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23425"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-23425",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23425",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "id": "VAR-202202-1806",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:47:29.930000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.android.com/"
      },
      {
        "title": "Patch for Samsung Exynos baseband input validation error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/526571"
      },
      {
        "title": "Samsung Exynos Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183879"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://security.samsungmobile.com/securityupdate.smsb?year=2022\u0026month=2"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23425"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23425"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "date": "2022-02-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23425"
      },
      {
        "date": "2023-05-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "date": "2022-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      },
      {
        "date": "2022-02-11T18:15:11.320000",
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-02-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-09551"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23425"
      },
      {
        "date": "2023-05-30T07:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      },
      {
        "date": "2024-11-21T06:48:31.850000",
        "db": "NVD",
        "id": "CVE-2022-23425"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android\u00a0 Input verification vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-005407"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1064"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.