Details of VAR-202107-1287

ID

VAR-202107-1287

CVE

CVE-2021-25426

TITLE

Samsung Message information leakage vulnerability (CNVD-2023-95335)

Trust: 0.6

sources: CNVD: CNVD-2023-95335

DESCRIPTION

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Samsung Messages is an application for Samsung mobile devices. Provides a tool that comes pre-installed by default on all its official devices. Samsung Message has an information disclosure vulnerability. The vulnerability stems from the lack of appropriate protection permissions in the product's SmsViewerActivity component. An attacker can exploit this vulnerability to access the Message file

Trust: 1.53

sources: NVD: CVE-2021-25426 // CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-95335

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-95335 // NVD: CVE-2021-25426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25426
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2023-95335
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-468
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-25426
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-25426
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2023-95335
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25426
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426 // CNNVD: CNNVD-202107-468 // NVD: CVE-2021-25426

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2021-25426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-468

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-468

PATCH

title:

Patch for Samsung Message information leakage vulnerability (CNVD-2023-95335)

url:

https://www.cnvd.org.cn/patchInfo/show/357336

Trust: 0.6

sources: CNVD: CNVD-2023-95335

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25426	Trust: 2.3
db:	CNVD	id:	CNVD-2023-95335	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-468	Trust: 0.6
db:	VULMON	id:	CVE-2021-25426	Trust: 0.1

sources: CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426 // CNNVD: CNNVD-202107-468 // NVD: CVE-2021-25426

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=7	Trust: 1.7
url:	https://blog.oversecured.com/two-weeks-of-securing-samsung-devices-part-2/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25426	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-95335 // VULMON: CVE-2021-25426 // CNNVD: CNNVD-202107-468 // NVD: CVE-2021-25426

SOURCES

db:	CNVD	id:	CNVD-2023-95335
db:	VULMON	id:	CVE-2021-25426
db:	CNNVD	id:	CNNVD-202107-468
db:	NVD	id:	CVE-2021-25426

LAST UPDATE DATE

2024-08-14T15:38:00.146000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-95335	date:	2023-12-05T00:00:00
db:	VULMON	id:	CVE-2021-25426	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202107-468	date:	2022-09-26T00:00:00
db:	NVD	id:	CVE-2021-25426	date:	2022-09-23T19:11:56.070

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-95335	date:	2022-10-18T00:00:00
db:	VULMON	id:	CVE-2021-25426	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202107-468	date:	2021-07-08T00:00:00
db:	NVD	id:	CVE-2021-25426	date:	2021-07-08T14:15:08.090