ID

VAR-201801-0938


CVE

CVE-2017-18020


TITLE

Samsung Mobile device software and Exynos Chipset input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012051

DESCRIPTION

On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598. Samsung mobile device software and the Exynos chipset contain a vulnerability related to input validation. The vendor has confirmed this vulnerability and released it as SVE-2017-10598. Information may be obtained or altered, and service operation may be disrupted (DoS). Samsung mobile devices are smart mobile devices produced by South Korea's Samsung. Android L, M, and N are a set of Linux-based open source operating systems developed jointly by Google and the Open Handheld Device Alliance (OHA). Exynos chipsets are processors designed and developed by Samsung in South Korea based on the ARM architecture. A security vulnerability exists in Samsung mobile devices using Android L (5.x), M (6.x) and N (7.x) and Exynos chips. The vulnerability stems from the failure of the program to detect the size value when copying ramfs data into memory. An attacker could exploit this vulnerability to execute arbitrary code in a boot load

Trust: 2.16

sources: NVD: CVE-2017-18020 // JVNDB: JVNDB-2017-012051 // CNVD: CNVD-2018-02569

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02569

AFFECTED PRODUCTS

vendor: samsung model: mobile scope: eq version: 7.1.2

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 7.1

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 6.0.1

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 7.0

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 5.1

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 6.0

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 5.1.1

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 7.1.1

Trust: 1.6

vendor: samsung model: mobile scope: eq version: 5.0

Trust: 1.6

vendor: samsung model: mobile scope: - version: -

Trust: 0.8

vendor: samsung model: mobile devices l scope: - version: -

Trust: 0.6

vendor: samsung model: mobile devices m scope: - version: -

Trust: 0.6

vendor: samsung model: mobile devices n scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-02569 // JVNDB: JVNDB-2017-012051 // CNNVD: CNNVD-201801-207 // NVD: CVE-2017-18020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18020
value: HIGH

Trust: 1.0

NVD: CVE-2017-18020
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02569
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-207
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-18020
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02569
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-18020
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02569 // JVNDB: JVNDB-2017-012051 // CNNVD: CNNVD-201801-207 // NVD: CVE-2017-18020

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-012051 // NVD: CVE-2017-18020

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-207

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201801-207

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012051

PATCH

title: SMR-DEC-2017 (SVE-2017-10598) url: https://security.samsungmobile.com/securityUpdate.smsb

Trust: 0.8

title: Samsung mobile device arbitrary code execution vulnerability patch url: https://www.cnvd.org.cn/patchInfo/show/115479

Trust: 0.6

title: Samsung Mobile device security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77522

Trust: 0.6

sources: CNVD: CNVD-2018-02569 // JVNDB: JVNDB-2017-012051 // CNNVD: CNNVD-201801-207

EXTERNAL IDS

db: NVD id: CVE-2017-18020

Trust: 3.0

db: JVNDB id: JVNDB-2017-012051

Trust: 0.8

db: CNVD id: CNVD-2018-02569

Trust: 0.6

db: CNNVD id: CNNVD-201801-207

Trust: 0.6

sources: CNVD: CNVD-2018-02569 // JVNDB: JVNDB-2017-012051 // CNNVD: CNNVD-201801-207 // NVD: CVE-2017-18020

REFERENCES

url: https://security.samsungmobile.com/securityupdate.smsb

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2017-18020

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18020

Trust: 0.8

sources: CNVD: CNVD-2018-02569 // JVNDB: JVNDB-2017-012051 // CNNVD: CNNVD-201801-207 // NVD: CVE-2017-18020

SOURCES

db: CNVD id: CNVD-2018-02569
db: JVNDB id: JVNDB-2017-012051
db: CNNVD id: CNNVD-201801-207
db: NVD id: CVE-2017-18020

LAST UPDATE DATE

2024-11-23T22:12:42.435000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2018-02569 date: 2018-02-01T00:00:00
db: JVNDB id: JVNDB-2017-012051 date: 2018-02-15T00:00:00
db: CNNVD id: CNNVD-201801-207 date: 2018-01-05T00:00:00
db: NVD id: CVE-2017-18020 date: 2024-11-21T03:19:11.020

SOURCES RELEASE DATE

db: CNVD id: CNVD-2018-02569 date: 2018-02-01T00:00:00
db: JVNDB id: JVNDB-2017-012051 date: 2018-02-15T00:00:00
db: CNNVD id: CNNVD-201801-207 date: 2018-01-05T00:00:00
db: NVD id: CVE-2017-18020 date: 2018-01-04T06:29:00.263