Details of VAR-201610-0196

ID

VAR-201610-0196

CVE

CVE-2016-7988

TITLE

Samsung Galaxy Vulnerabilities that trigger unintended configuration messages on devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-005710

DESCRIPTION

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. This vulnerability SVE-2016-6542 Is part of Supplementary information : CWE Vulnerability type by CWE-275: Permission Issues ( Permission issues ) and CWE-388: Error Handling ( Error handling ) Has been identified. https://cwe.mitre.org/data/definitions/275.html https://cwe.mitre.org/data/definitions/388.htmlAndroid In the framework of wifi-service.jar Could cause unintended configuration messages to be processed by. SamsungGalaxyS4 and so on are all smart mobile devices released by South Korea's Samsung. An information modification vulnerability exists in Samsung Galaxy S4 to S7 devices due to a failure of the program to verify the BroadcastReceiver response. An attacker could exploit the vulnerability to illegally change configuration information. Remote attackers can exploit this issue to cause a denial-of-service condition

Trust: 2.43

sources: NVD: CVE-2016-7988 // JVNDB: JVNDB-2016-005710 // CNVD: CNVD-2016-10559 // BID: 94081

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-10559

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	6.0	Trust: 2.7
vendor:	google	model:	android	scope:	eq	version:	4.4	Trust: 2.7
vendor:	google	model:	android	scope:	eq	version:	6.0.1	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	5.1.1	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	5.0.1	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	4.4.4	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	4.4.3	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	4.4.2	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	4.4.1	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	5.0	Trust: 1.9
vendor:	google	model:	android	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	google	model:	android	scope:	eq	version:	4.3.1	Trust: 1.3
vendor:	google	model:	android	scope:	eq	version:	4.2.2	Trust: 1.3
vendor:	google	model:	android	scope:	eq	version:	5.1	Trust: 1.3
vendor:	google	model:	android	scope:	eq	version:	4.3	Trust: 1.3
vendor:	google	model:	android	scope:	eq	version:	5.1.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	5.0/5.1	Trust: 0.8
vendor:	samsung	model:	galaxy s4	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	galaxy s4 mini	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	galaxy s5	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	galaxy s6	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	galaxy s7	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	galaxy >=s4,<=s7	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	galaxy s7	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s6	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s5	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s4 mini	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s4	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2016-10559 // BID: 94081 // JVNDB: JVNDB-2016-005710 // CNNVD: CNNVD-201610-878 // NVD: CVE-2016-7988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7988
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-7988
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-10559
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201610-878
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2016-7988
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-10559
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-7988
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-10559 // JVNDB: JVNDB-2016-005710 // CNNVD: CNNVD-201610-878 // NVD: CVE-2016-7988

PROBLEMTYPE DATA

problemtype:	CWE-275	Trust: 1.0
problemtype:	CWE-388	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2016-005710 // NVD: CVE-2016-7988

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-878

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201610-878

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005710

PATCH

title:	トップページ	url:	https://www.android.com/intl/ja_jp/	Trust: 0.8
title:	SVE-2016-6542	url:	http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016	Trust: 0.8
title:	Patches for several SamsungGalaxy device information modification vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/83441	Trust: 0.6
title:	Multiple Samsung Galaxy Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65199	Trust: 0.6

sources: CNVD: CNVD-2016-10559 // JVNDB: JVNDB-2016-005710 // CNNVD: CNNVD-201610-878

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7988	Trust: 3.3
db:	BID	id:	94081	Trust: 1.9
db:	JVNDB	id:	JVNDB-2016-005710	Trust: 0.8
db:	CNVD	id:	CNVD-2016-10559	Trust: 0.6
db:	CNNVD	id:	CNNVD-201610-878	Trust: 0.6

sources: CNVD: CNVD-2016-10559 // BID: 94081 // JVNDB: JVNDB-2016-005710 // CNNVD: CNNVD-201610-878 // NVD: CVE-2016-7988

REFERENCES

url:	http://security.samsungmobile.com/smrupdate.html#smr-aug-2016	Trust: 1.9
url:	http://www.securityfocus.com/bid/94081	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7988	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7988	Trust: 0.8
url:	http://security.samsungmobile.com/smrupdate.html#smr	Trust: 0.6
url:	http://www.samsung.com/	Trust: 0.3

sources: CNVD: CNVD-2016-10559 // BID: 94081 // JVNDB: JVNDB-2016-005710 // CNNVD: CNNVD-201610-878 // NVD: CVE-2016-7988

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94081

SOURCES

db:	CNVD	id:	CNVD-2016-10559
db:	BID	id:	94081
db:	JVNDB	id:	JVNDB-2016-005710
db:	CNNVD	id:	CNNVD-201610-878
db:	NVD	id:	CVE-2016-7988

LAST UPDATE DATE

2024-11-23T22:59:27.406000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10559	date:	2016-11-03T00:00:00
db:	BID	id:	94081	date:	2016-11-24T01:07:00
db:	JVNDB	id:	JVNDB-2016-005710	date:	2016-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201610-878	date:	2016-11-01T00:00:00
db:	NVD	id:	CVE-2016-7988	date:	2024-11-21T02:58:51.263

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-10559	date:	2016-11-03T00:00:00
db:	BID	id:	94081	date:	2016-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-005710	date:	2016-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201610-878	date:	2016-10-31T00:00:00
db:	NVD	id:	CVE-2016-7988	date:	2016-10-31T10:59:03.457