Details of VAR-201803-1877

ID

VAR-201803-1877

CVE

CVE-2018-9142

TITLE

Samsung Vulnerability related to input validation in mobile device software

Trust: 0.8

sources: JVNDB: JVNDB-2018-003406

DESCRIPTION

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. Samsung Mobile device software contains an input validation vulnerability. Vendors have confirmed this vulnerability SVE-2017-10932 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsungmobiledevices and so on are all released by South Korea's Samsung (Samsung) company's smart mobile devices. AndroidN is a Linux-based open source operating system jointly developed by Google and the Open Handheld Device Alliance (OHA). A security vulnerability exists in the AndroidN (7.x) version of the Samsung mobile device that caused the program to fail to properly verify the package signature and name. An attacker could exploit this vulnerability to install any APK on the SecureFolderSDCard zone

Trust: 2.16

sources: NVD: CVE-2018-9142 // JVNDB: JVNDB-2018-003406 // CNVD: CNVD-2018-08469

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-08469

AFFECTED PRODUCTS

vendor:	samsung	model:	mobile	scope:	eq	version:	7.1.2	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	7.1.1	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	7.1	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	7.0	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	7.x	Trust: 0.8
vendor:	samsung	model:	mobile devices n	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-08469 // JVNDB: JVNDB-2018-003406 // CNNVD: CNNVD-201804-060 // NVD: CVE-2018-9142

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-9142
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-9142
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-08469
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201804-060
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-9142
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-08469
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-9142
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-08469 // JVNDB: JVNDB-2018-003406 // CNNVD: CNNVD-201804-060 // NVD: CVE-2018-9142

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-003406 // NVD: CVE-2018-9142

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-060

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201804-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003406

PATCH

title:	Android Security Updates	url:	https://security.samsungmobile.com/securityUpdate.smsb	Trust: 0.8
title:	Samsung mobile device design vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/127501	Trust: 0.6
title:	Samsung Mobile device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82927	Trust: 0.6

sources: CNVD: CNVD-2018-08469 // JVNDB: JVNDB-2018-003406 // CNNVD: CNNVD-201804-060

EXTERNAL IDS

db:	NVD	id:	CVE-2018-9142	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-003406	Trust: 0.8
db:	CNVD	id:	CNVD-2018-08469	Trust: 0.6
db:	CNNVD	id:	CNNVD-201804-060	Trust: 0.6

sources: CNVD: CNVD-2018-08469 // JVNDB: JVNDB-2018-003406 // CNNVD: CNNVD-201804-060 // NVD: CVE-2018-9142

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9142	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-9142	Trust: 0.8

sources: CNVD: CNVD-2018-08469 // JVNDB: JVNDB-2018-003406 // CNNVD: CNNVD-201804-060 // NVD: CVE-2018-9142

SOURCES

db:	CNVD	id:	CNVD-2018-08469
db:	JVNDB	id:	JVNDB-2018-003406
db:	CNNVD	id:	CNNVD-201804-060
db:	NVD	id:	CVE-2018-9142

LAST UPDATE DATE

2024-11-23T22:26:26.309000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-08469	date:	2018-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-003406	date:	2018-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201804-060	date:	2018-04-02T00:00:00
db:	NVD	id:	CVE-2018-9142	date:	2024-11-21T04:15:03.793

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-08469	date:	2018-04-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-003406	date:	2018-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201804-060	date:	2018-04-02T00:00:00
db:	NVD	id:	CVE-2018-9142	date:	2018-03-30T08:29:00.790