Details of VAR-202110-0187

ID

VAR-202110-0187

CVE

CVE-2021-25472

TITLE

Samsung BluetoothSettingsProvider Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-73943

DESCRIPTION

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. Samsung BluetoothSettingsProvider is the Bluetooth function of Samsung mobile devices. There is an access control error vulnerability in Samsung BluetoothSettingsProvider. This vulnerability is caused by the lack of correct verification checks

Trust: 1.53

sources: NVD: CVE-2021-25472 // CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73943

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	8.1	Trust: 1.0
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices o	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73943 // NVD: CVE-2021-25472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25472
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2021-25472
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2023-73943
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202110-327
value:	LOW
Trust: 0.6
VULMON:	CVE-2021-25472
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-25472
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2023-73943
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25472
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2021-25472
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472 // CNNVD: CNNVD-202110-327 // NVD: CVE-2021-25472 // NVD: CVE-2021-25472

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2021-25472

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-327

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-327

PATCH

title:	Patch for Samsung BluetoothSettingsProvider Access Control Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355096	Trust: 0.6
title:	Samsung SMR Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=165706	Trust: 0.6

sources: CNVD: CNVD-2023-73943 // CNNVD: CNNVD-202110-327

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25472	Trust: 2.3
db:	CNVD	id:	CNVD-2023-73943	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-327	Trust: 0.6
db:	VULMON	id:	CVE-2021-25472	Trust: 0.1

sources: CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472 // CNNVD: CNNVD-202110-327 // NVD: CVE-2021-25472

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=10	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25472	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472 // CNNVD: CNNVD-202110-327 // NVD: CVE-2021-25472

SOURCES

db:	CNVD	id:	CNVD-2023-73943
db:	VULMON	id:	CVE-2021-25472
db:	CNNVD	id:	CNNVD-202110-327
db:	NVD	id:	CVE-2021-25472

LAST UPDATE DATE

2024-08-14T13:43:22.807000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73943	date:	2023-10-01T00:00:00
db:	VULMON	id:	CVE-2021-25472	date:	2021-10-13T00:00:00
db:	CNNVD	id:	CNNVD-202110-327	date:	2022-09-26T00:00:00
db:	NVD	id:	CVE-2021-25472	date:	2022-09-23T19:15:06.227

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73943	date:	2022-10-11T00:00:00
db:	VULMON	id:	CVE-2021-25472	date:	2021-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202110-327	date:	2021-10-06T00:00:00
db:	NVD	id:	CVE-2021-25472	date:	2021-10-06T18:15:08.813