Details of VAR-201701-0789

ID

VAR-201701-0789

CVE

CVE-2017-5350

TITLE

Samsung Note In device software systemUI Vulnerabilities that cause crashes

Trust: 0.8

sources: JVNDB: JVNDB-2017-001057

DESCRIPTION

Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. SamsungNote is a smartphone released by Samsung in South Korea. The SamsungNote device failed to handle exceptions correctly, allowing remote attackers to exploit the vulnerability to build malicious applications, trigger systemUI crashes, and denial of service. Multiple Samsung Android Mobile devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the system, resulting in denial-of-service conditions

Trust: 2.43

sources: NVD: CVE-2017-5350 // JVNDB: JVNDB-2017-001057 // CNVD: CNVD-2017-00582 // BID: 95424

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-00582

AFFECTED PRODUCTS

vendor:	samsung	model:	mobile	scope:	eq	version:	6.0	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	7.0	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	5.1	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	5.0	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile phones	scope:	eq	version:	5.0	Trust: 0.6
vendor:	samsung	model:	mobile phones	scope:	eq	version:	5.1	Trust: 0.6
vendor:	samsung	model:	mobile phones	scope:	eq	version:	6.0	Trust: 0.6
vendor:	samsung	model:	mobile phones	scope:	eq	version:	7.0	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	7.0	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	6.0	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	5.1	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	5.0	Trust: 0.3

sources: CNVD: CNVD-2017-00582 // BID: 95424 // JVNDB: JVNDB-2017-001057 // CNNVD: CNNVD-201701-309 // NVD: CVE-2017-5350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5350
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5350
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-00582
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201701-309
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-5350
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-00582
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-5350
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-00582 // JVNDB: JVNDB-2017-001057 // CNNVD: CNNVD-201701-309 // NVD: CVE-2017-5350

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-388	Trust: 0.8

sources: JVNDB: JVNDB-2017-001057 // NVD: CVE-2017-5350

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-309

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201701-309

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001057

PATCH

title:	SVE-2016-7122: Unexpected SystemUI FC driven by arbitrary application	url:	http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017	Trust: 0.8
title:	SamsungNote denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/88115	Trust: 0.6
title:	Samsung Note Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66973	Trust: 0.6

sources: CNVD: CNVD-2017-00582 // JVNDB: JVNDB-2017-001057 // CNNVD: CNNVD-201701-309

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5350	Trust: 3.3
db:	BID	id:	95424	Trust: 3.3
db:	JVNDB	id:	JVNDB-2017-001057	Trust: 0.8
db:	CNVD	id:	CNVD-2017-00582	Trust: 0.6
db:	CNNVD	id:	CNNVD-201701-309	Trust: 0.6

sources: CNVD: CNVD-2017-00582 // BID: 95424 // JVNDB: JVNDB-2017-001057 // CNNVD: CNNVD-201701-309 // NVD: CVE-2017-5350

REFERENCES

url:	http://www.securityfocus.com/bid/95424	Trust: 2.4
url:	http://security.samsungmobile.com/smrupdate.html#smr-jan-2017	Trust: 1.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5350	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5350	Trust: 0.8
url:	http://security.samsungmobile.com/smrupdate.html#smr	Trust: 0.6
url:	http://www.samsung.com/	Trust: 0.3

sources: CNVD: CNVD-2017-00582 // BID: 95424 // JVNDB: JVNDB-2017-001057 // CNNVD: CNNVD-201701-309 // NVD: CVE-2017-5350

CREDITS

Quhe of Ant-financial Light-Year Security Lab.

Trust: 0.3

sources: BID: 95424

SOURCES

db:	CNVD	id:	CNVD-2017-00582
db:	BID	id:	95424
db:	JVNDB	id:	JVNDB-2017-001057
db:	CNNVD	id:	CNNVD-201701-309
db:	NVD	id:	CVE-2017-5350

LAST UPDATE DATE

2024-11-23T21:42:04.002000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-00582	date:	2017-01-18T00:00:00
db:	BID	id:	95424	date:	2017-01-23T04:06:00
db:	JVNDB	id:	JVNDB-2017-001057	date:	2017-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201701-309	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-5350	date:	2024-11-21T03:27:26.327

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-00582	date:	2017-01-18T00:00:00
db:	BID	id:	95424	date:	2017-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-001057	date:	2017-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201701-309	date:	2017-01-13T00:00:00
db:	NVD	id:	CVE-2017-5350	date:	2017-01-12T06:59:00.453