ID

VAR-202107-1287


CVE

CVE-2021-25426


TITLE

Samsung Message information leakage vulnerability (CNVD-2023-95335)

Trust: 0.6

sources: CNVD: CNVD-2023-95335

DESCRIPTION

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Samsung Messages is an application for Samsung mobile devices. It is a tool that comes pre-installed by default on all of Samsung's official devices. Samsung Message has an information disclosure vulnerability. The vulnerability stems from the lack of appropriate protection permissions in the product's SmsViewerActivity component. An attacker can exploit this vulnerability to access the Message file.

Trust: 1.53

sources: NVD: CVE-2021-25426 // CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-95335

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 10.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 9.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.0

vendor: samsung, model: mobile devices p, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices q, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices r, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-95335 // NVD: CVE-2021-25426

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-25426
value: HIGH

Trust: 1.0

CNVD: CNVD-2023-95335
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-468
value: HIGH

Trust: 0.6

VULMON: CVE-2021-25426
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-25426
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2023-95335
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-25426
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426 // CNNVD: CNNVD-202107-468 // NVD: CVE-2021-25426

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-25426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-468

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-468

PATCH

title: Patch for Samsung Message information leakage vulnerability (CNVD-2023-95335)
url: https://www.cnvd.org.cn/patchInfo/show/357336

Trust: 0.6

sources: CNVD: CNVD-2023-95335

EXTERNAL IDS

db: NVD, id: CVE-2021-25426

Trust: 2.3

db: CNVD, id: CNVD-2023-95335

Trust: 0.6

db: CNNVD, id: CNNVD-202107-468

Trust: 0.6

db: VULMON, id: CVE-2021-25426

Trust: 0.1

sources: CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426 // CNNVD: CNNVD-202107-468 // NVD: CVE-2021-25426

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=7

Trust: 1.7

url:https://blog.oversecured.com/two-weeks-of-securing-samsung-devices-part-2/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-25426

Trust: 1.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426 // CNNVD: CNNVD-202107-468 // NVD: CVE-2021-25426

SOURCES

db: CNVD, id: CNVD-2023-95335
db: VULMON, id: CVE-2021-25426
db: CNNVD, id: CNNVD-202107-468
db: NVD, id: CVE-2021-25426

LAST UPDATE DATE

2024-08-14T15:38:00.146000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-95335, date: 2023-12-05T00:00:00
db: VULMON, id: CVE-2021-25426, date: 2021-07-12T00:00:00
db: CNNVD, id: CNNVD-202107-468, date: 2022-09-26T00:00:00
db: NVD, id: CVE-2021-25426, date: 2022-09-23T19:11:56.070

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-95335, date: 2022-10-18T00:00:00
db: VULMON, id: CVE-2021-25426, date: 2021-07-08T00:00:00
db: CNNVD, id: CNNVD-202107-468, date: 2021-07-08T00:00:00
db: NVD, id: CVE-2021-25426, date: 2021-07-08T14:15:08.090