Details of VAR-201212-0065

ID

VAR-201212-0065

CVE

CVE-2012-6337

TITLE

plural Samsung Galaxy On the device Android for SamsungDive Vulnerabilities that prevent device discovery

Trust: 0.8

sources: JVNDB: JVNDB-2012-005834

DESCRIPTION

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. SamsungDive for Android is prone to a spoofing vulnerability

Trust: 1.89

sources: NVD: CVE-2012-6337 // JVNDB: JVNDB-2012-005834 // BID: 57131

AFFECTED PRODUCTS

vendor:	samsung	model:	samsungdive	scope:	eq	version:	-	Trust: 1.6
vendor:	samsung	model:	samsungdive	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	samsungdive	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s ii	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy note ii	scope:	eq	version:	0	Trust: 0.3

sources: BID: 57131 // JVNDB: JVNDB-2012-005834 // CNNVD: CNNVD-201301-004 // NVD: CVE-2012-6337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-6337
value:	LOW
Trust: 1.0
NVD:	CVE-2012-6337
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201301-004
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2012-6337
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2012-005834 // CNNVD: CNNVD-201301-004 // NVD: CVE-2012-6337

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2012-005834 // NVD: CVE-2012-6337

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201301-004

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201301-004

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005834

PATCH

title:

SamsungDive

url:

http://www.samsungdive.com/DiveMain.do

Trust: 0.8

sources: JVNDB: JVNDB-2012-005834

EXTERNAL IDS

db:	NVD	id:	CVE-2012-6337	Trust: 2.7
db:	JVNDB	id:	JVNDB-2012-005834	Trust: 0.8
db:	CNNVD	id:	CNNVD-201301-004	Trust: 0.6
db:	BID	id:	57131	Trust: 0.3

sources: BID: 57131 // JVNDB: JVNDB-2012-005834 // CNNVD: CNNVD-201301-004 // NVD: CVE-2012-6337

REFERENCES

url:	http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html	Trust: 2.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6337	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6337	Trust: 0.8
url:	http://www.samsung.com/	Trust: 0.3

sources: BID: 57131 // JVNDB: JVNDB-2012-005834 // CNNVD: CNNVD-201301-004 // NVD: CVE-2012-6337

CREDITS

Jiten Jain

Trust: 0.3

sources: BID: 57131

SOURCES

db:	BID	id:	57131
db:	JVNDB	id:	JVNDB-2012-005834
db:	CNNVD	id:	CNNVD-201301-004
db:	NVD	id:	CVE-2012-6337

LAST UPDATE DATE

2024-11-23T22:59:48.356000+00:00

SOURCES UPDATE DATE

db:	BID	id:	57131	date:	2012-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2012-005834	date:	2013-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201301-004	date:	2013-01-08T00:00:00
db:	NVD	id:	CVE-2012-6337	date:	2024-11-21T01:46:01.960

SOURCES RELEASE DATE

db:	BID	id:	57131	date:	2012-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2012-005834	date:	2013-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201301-004	date:	2013-01-04T00:00:00
db:	NVD	id:	CVE-2012-6337	date:	2012-12-31T11:50:28.237