ID

VAR-201704-0027


CVE

CVE-2016-4030


TITLE

plural Samsung Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008458

DESCRIPTION

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. An attacker could use the vulnerability to make a call, send a text message, or post a command. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

Trust: 2.52

sources: NVD: CVE-2016-4030 // JVNDB: JVNDB-2016-008458 // CNVD: CNVD-2017-07191 // BID: 97701 // VULHUB: VHN-92849

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07191

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy s4 mini ltescope:eqversion:i9195xxucol1

Trust: 2.4

vendor:samsungmodel:galaxy s4 miniscope:eqversion:i9192xxubnb1

Trust: 2.4

vendor:samsungmodel:galaxy s4scope:eqversion:i9505xxuhoj2

Trust: 2.4

vendor:samsungmodel:galaxy s6scope:eqversion:g920fxxu2coh2

Trust: 2.4

vendor:samsungmodel:galaxy note 3scope:eqversion:n9005xxugbob6

Trust: 1.6

vendor:samsungmodel:note 3scope:eqversion:n9005xxugbob6

Trust: 0.8

vendor:samsungmodel:galaxy note sm-n9005 build n9005xxugbok6scope:eqversion:3

Trust: 0.6

vendor:samsungmodel:galaxy s4 mini gt-i9192 build i9192xxubnb1scope: - version: -

Trust: 0.6

vendor:samsungmodel:galaxy s4 mini lte gt-i9195 build i9195xxucol1scope: - version: -

Trust: 0.6

vendor:samsungmodel:galaxy s4 gt-i9505 build i9505xxuhoj2scope: - version: -

Trust: 0.6

vendor:samsungmodel:galaxy s6 sm-g920f build g920fscope: - version: -

Trust: 0.3

vendor:samsungmodel:galaxy s4 mini lte gt-i9195 build i9195scope: - version: -

Trust: 0.3

vendor:samsungmodel:galaxy s4 mini gt-i9192 build i9192scope: - version: -

Trust: 0.3

vendor:samsungmodel:galaxy s4 gt-i9505 build i9505scope: - version: -

Trust: 0.3

vendor:samsungmodel:galaxy note sm-n9005 build n9005scope:eqversion:3

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-07191 // BID: 97701 // JVNDB: JVNDB-2016-008458 // CNNVD: CNNVD-201704-750 // NVD: CVE-2016-4030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4030
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4030
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-07191
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-750
value: MEDIUM

Trust: 0.6

VULHUB: VHN-92849
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4030
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07191
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-92849
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4030
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07191 // VULHUB: VHN-92849 // JVNDB: JVNDB-2016-008458 // CNNVD: CNNVD-201704-750 // NVD: CVE-2016-4030

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-92849 // JVNDB: JVNDB-2016-008458 // NVD: CVE-2016-4030

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-750

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-750

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:samsung:galaxy_s4_mini_lte_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:samsung:galaxy_s4_mini_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:samsung:galaxy_s4_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:samsung:galaxy_s6_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:samsung:galaxy_note_3_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2016-008458

PATCH

title:SVE-2016-5301: Modem interface exposed via USB on Secureurl:http://security.samsungmobile.com/smrupdate.html

Trust: 0.8

title:A variety of Samsung mobile phone security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/94087

Trust: 0.6

title:Multiple Samsung Mobile phone security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70228

Trust: 0.6

sources: CNVD: CNVD-2017-07191 // JVNDB: JVNDB-2016-008458 // CNNVD: CNNVD-201704-750

EXTERNAL IDS

db:NVDid:CVE-2016-4030

Trust: 3.4

db:BIDid:97701

Trust: 1.4

db:JVNDBid:JVNDB-2016-008458

Trust: 0.8

db:CNNVDid:CNNVD-201704-750

Trust: 0.7

db:CNVDid:CNVD-2017-07191

Trust: 0.6

db:VULHUBid:VHN-92849

Trust: 0.1

sources: CNVD: CNVD-2017-07191 // VULHUB: VHN-92849 // BID: 97701 // JVNDB: JVNDB-2016-008458 // CNNVD: CNNVD-201704-750 // NVD: CVE-2016-4030

REFERENCES

url:https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004

Trust: 3.4

url:http://www.securityfocus.com/bid/97701

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4030

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-4030

Trust: 0.8

url:http://www.samsung.com/

Trust: 0.3

sources: CNVD: CNVD-2017-07191 // VULHUB: VHN-92849 // BID: 97701 // JVNDB: JVNDB-2016-008458 // CNNVD: CNNVD-201704-750 // NVD: CVE-2016-4030

CREDITS

Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).

Trust: 0.3

sources: BID: 97701

SOURCES

db:CNVDid:CNVD-2017-07191
db:VULHUBid:VHN-92849
db:BIDid:97701
db:JVNDBid:JVNDB-2016-008458
db:CNNVDid:CNNVD-201704-750
db:NVDid:CVE-2016-4030

LAST UPDATE DATE

2024-11-23T22:07:26.665000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-07191date:2017-05-22T00:00:00
db:VULHUBid:VHN-92849date:2017-04-25T00:00:00
db:BIDid:97701date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2016-008458date:2017-05-19T00:00:00
db:CNNVDid:CNNVD-201704-750date:2017-05-17T00:00:00
db:NVDid:CVE-2016-4030date:2024-11-21T02:51:12.043

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-07191date:2017-05-22T00:00:00
db:VULHUBid:VHN-92849date:2017-04-13T00:00:00
db:BIDid:97701date:2017-04-13T00:00:00
db:JVNDBid:JVNDB-2016-008458date:2017-05-19T00:00:00
db:CNNVDid:CNNVD-201704-750date:2017-04-13T00:00:00
db:NVDid:CVE-2016-4030date:2017-04-13T16:59:01.177