Details of VAR-201704-0029

ID

VAR-201704-0029

CVE

CVE-2016-4032

TITLE

plural Samsung In the device Android Vulnerability to change settings

Trust: 0.8

sources: JVNDB: JVNDB-2016-008460

DESCRIPTION

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.By the attacker, AT By using access to AT A command may be sent. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

Trust: 2.61

sources: NVD: CVE-2016-4032 // JVNDB: JVNDB-2016-008460 // CNVD: CNVD-2017-07192 // BID: 97650 // VULHUB: VHN-92851 // VULMON: CVE-2016-4032

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-07192

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy s4 mini lte	scope:	eq	version:	i9195xxucol1	Trust: 2.4
vendor:	samsung	model:	galaxy s4 mini	scope:	eq	version:	i9192xxubnb1	Trust: 2.4
vendor:	samsung	model:	galaxy s4	scope:	eq	version:	i9505xxuhoj2	Trust: 2.4
vendor:	samsung	model:	galaxy s6	scope:	eq	version:	g920fxxu2coh2	Trust: 2.4
vendor:	samsung	model:	galaxy note 3	scope:	eq	version:	n9005xxugbob6	Trust: 1.6
vendor:	samsung	model:	note 3	scope:	eq	version:	n9005xxugbob6	Trust: 0.8
vendor:	samsung	model:	galaxy note sm-n9005 build n9005xxugbok6	scope:	eq	version:	3	Trust: 0.6
vendor:	samsung	model:	galaxy s6 sm-g920f build g920fxxu2coh2	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	galaxy s4 mini gt-i9192 build i9192xxubnb1	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	galaxy s4 mini lte gt-i9195 build i9195xxucol1	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	galaxy s4 gt-i9505 build i9505xxuhoj2	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	galaxy s6 sm-g920f build g920f	scope:	-	version:	-	Trust: 0.3
vendor:	samsung	model:	galaxy s4 mini lte gt-i9195 build i9195	scope:	-	version:	-	Trust: 0.3
vendor:	samsung	model:	galaxy s4 mini gt-i9192 build i9192	scope:	-	version:	-	Trust: 0.3
vendor:	samsung	model:	galaxy s4 gt-i9505 build i9505	scope:	-	version:	-	Trust: 0.3
vendor:	samsung	model:	galaxy note sm-n9005 build n9005	scope:	eq	version:	3	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-07192 // BID: 97650 // JVNDB: JVNDB-2016-008460 // CNNVD: CNNVD-201704-748 // NVD: CVE-2016-4032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4032
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-4032
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-07192
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201704-748
value:	LOW
Trust: 0.6
VULHUB:	VHN-92851
value:	LOW
Trust: 0.1
VULMON:	CVE-2016-4032
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-4032
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-07192
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-92851
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4032
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-07192 // VULHUB: VHN-92851 // VULMON: CVE-2016-4032 // JVNDB: JVNDB-2016-008460 // CNNVD: CNNVD-201704-748 // NVD: CVE-2016-4032

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.9

sources: VULHUB: VHN-92851 // JVNDB: JVNDB-2016-008460 // NVD: CVE-2016-4032

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-748

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-748

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008460

PATCH

title:	SVE-2016-5301: Modem interface exposed via USB on Secure	url:	http://security.samsungmobile.com/smrupdate.html	Trust: 0.8
title:	Patches for several Samsung Mobile Security Surveillance Vulnerabilities (CNVD-2017-07192)	url:	https://www.cnvd.org.cn/patchInfo/show/94088	Trust: 0.6
title:	Multiple Samsung Mobile phone security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70226	Trust: 0.6
title:	SM-A217F_forensics	url:	https://github.com/Tomiwa-Ot/SM-A217F_forensics	Trust: 0.1

sources: CNVD: CNVD-2017-07192 // VULMON: CVE-2016-4032 // JVNDB: JVNDB-2016-008460 // CNNVD: CNNVD-201704-748

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4032	Trust: 3.5
db:	BID	id:	97650	Trust: 2.1
db:	JVNDB	id:	JVNDB-2016-008460	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-748	Trust: 0.7
db:	CNVD	id:	CNVD-2017-07192	Trust: 0.6
db:	VULHUB	id:	VHN-92851	Trust: 0.1
db:	VULMON	id:	CVE-2016-4032	Trust: 0.1

sources: CNVD: CNVD-2017-07192 // VULHUB: VHN-92851 // VULMON: CVE-2016-4032 // BID: 97650 // JVNDB: JVNDB-2016-008460 // CNNVD: CNNVD-201704-748 // NVD: CVE-2016-4032

REFERENCES

url:	https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004	Trust: 3.5
url:	http://www.securityfocus.com/bid/97650	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4032	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4032	Trust: 0.8
url:	http://www.samsung.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/284.html	Trust: 0.1
url:	https://github.com/tomiwa-ot/sm-a217f_forensics	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-07192 // VULHUB: VHN-92851 // VULMON: CVE-2016-4032 // BID: 97650 // JVNDB: JVNDB-2016-008460 // CNNVD: CNNVD-201704-748 // NVD: CVE-2016-4032

CREDITS

Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).

Trust: 0.3

sources: BID: 97650

SOURCES

db:	CNVD	id:	CNVD-2017-07192
db:	VULHUB	id:	VHN-92851
db:	VULMON	id:	CVE-2016-4032
db:	BID	id:	97650
db:	JVNDB	id:	JVNDB-2016-008460
db:	CNNVD	id:	CNNVD-201704-748
db:	NVD	id:	CVE-2016-4032

LAST UPDATE DATE

2024-11-23T22:07:26.701000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-07192	date:	2017-05-22T00:00:00
db:	VULHUB	id:	VHN-92851	date:	2017-04-25T00:00:00
db:	VULMON	id:	CVE-2016-4032	date:	2017-04-25T00:00:00
db:	BID	id:	97650	date:	2017-04-18T00:06:00
db:	JVNDB	id:	JVNDB-2016-008460	date:	2017-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201704-748	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2016-4032	date:	2024-11-21T02:51:12.373

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-07192	date:	2017-05-22T00:00:00
db:	VULHUB	id:	VHN-92851	date:	2017-04-13T00:00:00
db:	VULMON	id:	CVE-2016-4032	date:	2017-04-13T00:00:00
db:	BID	id:	97650	date:	2017-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-008460	date:	2017-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201704-748	date:	2017-04-13T00:00:00
db:	NVD	id:	CVE-2016-4032	date:	2017-04-13T16:59:01.237