Sign-up

ID

VAR-201704-0028


CVE

CVE-2016-4031


TITLE

plural Samsung In the device AT Command sent vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008459

DESCRIPTION

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.The attacker can Linux By connecting to the host, AT A command may be sent. AndroidforSamsungGalaxyS6Edge is a Linux-based open source operating system developed by Samsung and the Open Handheld Device Alliance (OHA) in the United States for smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in multiple SamsungGalaxy products. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations. This may lead to further attacks

Trust: 2.52

sources: NVD: CVE-2016-4031 // JVNDB: JVNDB-2016-008459 // CNVD: CNVD-2017-05972 // BID: 97703 // VULHUB: VHN-92850

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05972

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy s4 mini ltescope:eqversion:i9195xxucol1

Trust: 2.4

vendor:samsungmodel:galaxy s4 miniscope:eqversion:i9192xxubnb1

Trust: 2.4

vendor:samsungmodel:galaxy s4scope:eqversion:i9505xxuhoj2

Trust: 2.4

vendor:samsungmodel:galaxy s6scope:eqversion:g920fxxu2coh2

Trust: 2.4

vendor:samsungmodel:galaxy note 3scope:eqversion:n9005xxugbob6

Trust: 1.6

vendor:samsungmodel:galaxy s6 sm-g920f build g920fscope: - version: -

Trust: 0.9

vendor:samsungmodel:galaxy s4 mini lte gt-i9195 build i9195scope: - version: -

Trust: 0.9

vendor:samsungmodel:galaxy s4 mini gt-i9192 build i9192scope: - version: -

Trust: 0.9

vendor:samsungmodel:galaxy note sm-n9005 build n9005scope:eqversion:3

Trust: 0.9

vendor:samsungmodel:note 3scope:eqversion:n9005xxugbob6

Trust: 0.8

vendor:samsungmodel:galaxy s4 mini gt-i9505 build i9505scope: - version: -

Trust: 0.6

vendor:samsungmodel:galaxy s4 gt-i9505 build i9505scope: - version: -

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-05972 // BID: 97703 // JVNDB: JVNDB-2016-008459 // CNNVD: CNNVD-201704-749 // NVD: CVE-2016-4031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4031
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4031
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-05972
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-749
value: MEDIUM

Trust: 0.6

VULHUB: VHN-92850
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4031
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05972
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-92850
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4031
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05972 // VULHUB: VHN-92850 // JVNDB: JVNDB-2016-008459 // CNNVD: CNNVD-201704-749 // NVD: CVE-2016-4031

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

sources: VULHUB: VHN-92850 // JVNDB: JVNDB-2016-008459 // NVD: CVE-2016-4031

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-749

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-749

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008459

PATCH
title:SVE-2016-5301: Modem interface exposed via USB on Secureurl:http://security.samsungmobile.com/smrupdate.html
Trust: 0.8
title:Patches for multiple Samsung Galaxy product security bypass vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/93199
Trust: 0.6
title:Multiple Samsung Mobile phone security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70227
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05972 // 
            
            
            
            JVNDB: JVNDB-2016-008459 // 
            
            
            
            CNNVD: CNNVD-201704-749

EXTERNAL IDS
db:NVDid:CVE-2016-4031
Trust: 3.4
db:BIDid:97703
Trust: 2.0
db:JVNDBid:JVNDB-2016-008459
Trust: 0.8
db:CNNVDid:CNNVD-201704-749
Trust: 0.7
db:CNVDid:CNVD-2017-05972
Trust: 0.6
db:VULHUBid:VHN-92850
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-05972 // 
            
            
            
            VULHUB: VHN-92850 // 
            
            
            
            BID: 97703 // 
            
            
            
            JVNDB: JVNDB-2016-008459 // 
            
            
            
            CNNVD: CNNVD-201704-749 // 
            
            
            
            NVD: CVE-2016-4031

REFERENCES
url:https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
Trust: 2.8
url:http://www.securityfocus.com/bid/97703
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4031
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-4031
Trust: 0.8
url:http://www.samsung.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-05972 // 
            
            
            
            VULHUB: VHN-92850 // 
            
            
            
            BID: 97703 // 
            
            
            
            JVNDB: JVNDB-2016-008459 // 
            
            
            
            CNNVD: CNNVD-201704-749 // 
            
            
            
            NVD: CVE-2016-4031

CREDITS
Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).
Trust: 0.3
sources:
            
            
            BID: 97703

SOURCES
db:CNVDid:CNVD-2017-05972
db:VULHUBid:VHN-92850
db:BIDid:97703
db:JVNDBid:JVNDB-2016-008459
db:CNNVDid:CNNVD-201704-749
db:NVDid:CVE-2016-4031

LAST UPDATE DATE
2024-11-23T22:07:26.745000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05972date:2017-05-05T00:00:00
db:VULHUBid:VHN-92850date:2017-04-25T00:00:00
db:BIDid:97703date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2016-008459date:2017-05-19T00:00:00
db:CNNVDid:CNNVD-201704-749date:2017-05-17T00:00:00
db:NVDid:CVE-2016-4031date:2024-11-21T02:51:12.210

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-05972date:2017-05-05T00:00:00
db:VULHUBid:VHN-92850date:2017-04-13T00:00:00
db:BIDid:97703date:2017-04-13T00:00:00
db:JVNDBid:JVNDB-2016-008459date:2017-05-19T00:00:00
db:CNNVDid:CNNVD-201704-749date:2017-04-13T00:00:00
db:NVDid:CVE-2016-4031date:2017-04-13T16:59:01.207