Details of VAR-201611-0321

ID

VAR-201611-0321

CVE

CVE-2016-9567

TITLE

Samsung Mobile S7 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-11551 // CNNVD: CNNVD-201611-532

DESCRIPTION

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343. SamsungMobile is a series of smart mobile devices released by South Korea's Samsung. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy devices with Marshmallow 6.0 are vulnerable

Trust: 2.43

sources: NVD: CVE-2016-9567 // JVNDB: JVNDB-2016-005939 // CNVD: CNVD-2016-11551 // BID: 94494

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11551

AFFECTED PRODUCTS

vendor:	samsung	model:	mobile	scope:	eq	version:	6.0	Trust: 2.2
vendor:	samsung	model:	mobile	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	galaxy s7	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s6 edge	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s6	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s5	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s4 mini	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	galaxy s4	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	6.0	Trust: 0.3

sources: CNVD: CNVD-2016-11551 // BID: 94494 // JVNDB: JVNDB-2016-005939 // CNNVD: CNNVD-201611-532 // NVD: CVE-2016-9567

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9567
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9567
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-11551
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201611-532
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2016-9567
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11551
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-9567
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-11551 // JVNDB: JVNDB-2016-005939 // CNNVD: CNNVD-201611-532 // NVD: CVE-2016-9567

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2016-005939 // NVD: CVE-2016-9567

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-532

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201611-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005939

PATCH

title:	SVE-2016-6343	url:	http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016	Trust: 0.8
title:	SamsungMobileS7 Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/84438	Trust: 0.6
title:	Samsung Mobile S7 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65867	Trust: 0.6

sources: CNVD: CNVD-2016-11551 // JVNDB: JVNDB-2016-005939 // CNNVD: CNNVD-201611-532

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9567	Trust: 3.3
db:	BID	id:	94494	Trust: 1.9
db:	JVNDB	id:	JVNDB-2016-005939	Trust: 0.8
db:	CNVD	id:	CNVD-2016-11551	Trust: 0.6
db:	CNNVD	id:	CNNVD-201611-532	Trust: 0.6

sources: CNVD: CNVD-2016-11551 // BID: 94494 // JVNDB: JVNDB-2016-005939 // CNNVD: CNNVD-201611-532 // NVD: CVE-2016-9567

REFERENCES

url:	http://security.samsungmobile.com/smrupdate.html#smr-nov-2016	Trust: 1.9
url:	http://www.securityfocus.com/bid/94494	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9567	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9567	Trust: 0.8
url:	http://security.samsungmobile.com/smrupdate.html#smr	Trust: 0.6
url:	http://www.samsung.com/	Trust: 0.3

sources: CNVD: CNVD-2016-11551 // BID: 94494 // JVNDB: JVNDB-2016-005939 // CNNVD: CNNVD-201611-532 // NVD: CVE-2016-9567

CREDITS

Zhaozhanpeng of Cheetah Mobile.

Trust: 0.3

sources: BID: 94494

SOURCES

db:	CNVD	id:	CNVD-2016-11551
db:	BID	id:	94494
db:	JVNDB	id:	JVNDB-2016-005939
db:	CNNVD	id:	CNNVD-201611-532
db:	NVD	id:	CVE-2016-9567

LAST UPDATE DATE

2024-11-23T22:45:47.825000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11551	date:	2016-11-28T00:00:00
db:	BID	id:	94494	date:	2016-11-24T00:17:00
db:	JVNDB	id:	JVNDB-2016-005939	date:	2016-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201611-532	date:	2016-11-24T00:00:00
db:	NVD	id:	CVE-2016-9567	date:	2024-11-21T03:01:24.333

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-11551	date:	2016-11-28T00:00:00
db:	BID	id:	94494	date:	2016-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-005939	date:	2016-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201611-532	date:	2016-11-24T00:00:00
db:	NVD	id:	CVE-2016-9567	date:	2016-11-23T11:59:02.873