ID

VAR-201906-1258


CVE

CVE-2019-6742


TITLE

Samsung Galaxy S9 Code injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-005120 // CNNVD: CNNVD-201903-144

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. The Zero Day Initiative tracked this vulnerability as ZDI-CAN-7477. Information may be obtained or altered, and service operation may be disrupted (DoS). The Samsung Galaxy S9 is a smartphone from South Korea's Samsung.

Trust: 2.88

sources: NVD: CVE-2019-6742 // JVNDB: JVNDB-2019-005120 // ZDI: ZDI-19-255 // CNVD: CNVD-2019-15095 // VULMON: CVE-2019-6742

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-15095

AFFECTED PRODUCTS

vendor: samsung, model: galaxy s9, scope: lt, version: 1.4.20.2

Trust: 1.8

vendor: samsung, model: galaxy s9, scope: -, version: -

Trust: 1.3

sources: ZDI: ZDI-19-255 // CNVD: CNVD-2019-15095 // JVNDB: JVNDB-2019-005120 // NVD: CVE-2019-6742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6742
value: CRITICAL

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2019-6742
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6742
value: CRITICAL

Trust: 0.8

ZDI: CVE-2019-6742
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2019-15095
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-144
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-6742
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6742
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-15095
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6742
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2019-6742
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-6742
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-6742
baseSeverity: CRITICAL
baseScore: 10
vectorString: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-255 // CNVD: CNVD-2019-15095 // VULMON: CVE-2019-6742 // JVNDB: JVNDB-2019-005120 // CNNVD: CNNVD-201903-144 // NVD: CVE-2019-6742 // NVD: CVE-2019-6742

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-94

Trust: 0.8

sources: JVNDB: JVNDB-2019-005120 // NVD: CVE-2019-6742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-144

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-144

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005120

PATCH

title: Galaxy S9, url: https://www.samsung.com/global/galaxy/galaxy-s9/

Trust: 0.8

title: SamsungGalaxyS9 code execution vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/162007

Trust: 0.6

title: Samsung Galaxy S9 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89812

Trust: 0.6

sources: CNVD: CNVD-2019-15095 // JVNDB: JVNDB-2019-005120 // CNNVD: CNNVD-201903-144

EXTERNAL IDS

db: NVD, id: CVE-2019-6742

Trust: 3.8

db: ZDI, id: ZDI-19-255

Trust: 3.2

db: JVNDB, id: JVNDB-2019-005120

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-7477

Trust: 0.7

db: CNVD, id: CNVD-2019-15095

Trust: 0.6

db: CNNVD, id: CNNVD-201903-144

Trust: 0.6

db: VULMON, id: CVE-2019-6742

Trust: 0.1

sources: ZDI: ZDI-19-255 // CNVD: CNVD-2019-15095 // VULMON: CVE-2019-6742 // JVNDB: JVNDB-2019-005120 // CNNVD: CNNVD-201903-144 // NVD: CVE-2019-6742

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-19-255/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-6742

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6742

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-15095 // VULMON: CVE-2019-6742 // JVNDB: JVNDB-2019-005120 // CNNVD: CNNVD-201903-144 // NVD: CVE-2019-6742

CREDITS

MWR Labs - Georgi Geshev and Robert Miller

Trust: 0.7

sources: ZDI: ZDI-19-255

SOURCES

db: ZDI, id: ZDI-19-255
db: CNVD, id: CNVD-2019-15095
db: VULMON, id: CVE-2019-6742
db: JVNDB, id: JVNDB-2019-005120
db: CNNVD, id: CNNVD-201903-144
db: NVD, id: CVE-2019-6742

LAST UPDATE DATE

2024-11-23T23:11:47.442000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-19-255, date: 2019-06-14T00:00:00
db: CNVD, id: CNVD-2019-15095, date: 2019-05-28T00:00:00
db: VULMON, id: CVE-2019-6742, date: 2021-11-03T00:00:00
db: JVNDB, id: JVNDB-2019-005120, date: 2019-06-17T00:00:00
db: CNNVD, id: CNNVD-201903-144, date: 2021-11-04T00:00:00
db: NVD, id: CVE-2019-6742, date: 2024-11-21T04:47:02.787

SOURCES RELEASE DATE

db: ZDI, id: ZDI-19-255, date: 2019-03-05T00:00:00
db: CNVD, id: CNVD-2019-15095, date: 2019-05-23T00:00:00
db: VULMON, id: CVE-2019-6742, date: 2019-06-03T00:00:00
db: JVNDB, id: JVNDB-2019-005120, date: 2019-06-17T00:00:00
db: CNNVD, id: CNNVD-201903-144, date: 2019-03-05T00:00:00
db: NVD, id: CVE-2019-6742, date: 2019-06-03T19:29:02.377