Details of VAR-202110-0186

ID

VAR-202110-0186

CVE

CVE-2021-25471

TITLE

Samsung Security Mode Command process Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-73942

DESCRIPTION

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. Samsung Security Mode Command process is the safe mode command process in Samsung mobile devices. The vulnerability is due to the lack of replay attack protection. An attacker can exploit this vulnerability to cause a denial of service on the mobile network connection

Trust: 1.53

sources: NVD: CVE-2021-25471 // CNVD: CNVD-2023-73942 // VULMON: CVE-2021-25471

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73942

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	8.1	Trust: 1.0
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices o	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73942 // NVD: CVE-2021-25471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25471
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2021-25471
value:	LOW
Trust: 1.0
CNVD:	CNVD-2023-73942
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202110-326
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-25471
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-25471
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2023-73942
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25471
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2021-25471
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2023-73942 // VULMON: CVE-2021-25471 // CNNVD: CNNVD-202110-326 // NVD: CVE-2021-25471 // NVD: CVE-2021-25471

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2021-25471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-326

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-326

PATCH

title:	Patch for Samsung Security Mode Command process Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355091	Trust: 0.6
title:	Samsung SMR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164999	Trust: 0.6

sources: CNVD: CNVD-2023-73942 // CNNVD: CNNVD-202110-326

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25471	Trust: 2.3
db:	CNVD	id:	CNVD-2023-73942	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-326	Trust: 0.6
db:	VULMON	id:	CVE-2021-25471	Trust: 0.1

sources: CNVD: CNVD-2023-73942 // VULMON: CVE-2021-25471 // CNNVD: CNNVD-202110-326 // NVD: CVE-2021-25471

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=10	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25471	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-73942 // VULMON: CVE-2021-25471 // CNNVD: CNNVD-202110-326 // NVD: CVE-2021-25471

SOURCES

db:	CNVD	id:	CNVD-2023-73942
db:	VULMON	id:	CVE-2021-25471
db:	CNNVD	id:	CNNVD-202110-326
db:	NVD	id:	CVE-2021-25471

LAST UPDATE DATE

2024-08-14T14:50:06.439000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73942	date:	2023-10-01T00:00:00
db:	VULMON	id:	CVE-2021-25471	date:	2021-10-13T00:00:00
db:	CNNVD	id:	CNNVD-202110-326	date:	2021-10-14T00:00:00
db:	NVD	id:	CVE-2021-25471	date:	2021-10-13T18:23:41.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73942	date:	2022-10-11T00:00:00
db:	VULMON	id:	CVE-2021-25471	date:	2021-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202110-326	date:	2021-10-06T00:00:00
db:	NVD	id:	CVE-2021-25471	date:	2021-10-06T18:15:08.763