ID

VAR-202110-0187


CVE

CVE-2021-25472


TITLE

Samsung BluetoothSettingsProvider Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-73943

DESCRIPTION

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows an untrusted application to overwrite some Bluetooth information. Samsung BluetoothSettingsProvider is the Bluetooth function of Samsung mobile devices. There is an access control error vulnerability in Samsung BluetoothSettingsProvider. This vulnerability is caused by the lack of correct verification checks.

Trust: 1.53

sources: NVD: CVE-2021-25472 // CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-73943

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 10.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 9.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 8.1

Trust: 1.0

vendor: samsung, model: mobile devices p, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices q, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices r, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices o, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-73943 // NVD: CVE-2021-25472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25472
value: LOW

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25472
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2023-73943
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202110-327
value: LOW

Trust: 0.6

VULMON: CVE-2021-25472
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-25472
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2023-73943
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25472
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25472
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472 // CNNVD: CNNVD-202110-327 // NVD: CVE-2021-25472 // NVD: CVE-2021-25472

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-25472

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-327

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-327

PATCH

title: Patch for Samsung BluetoothSettingsProvider Access Control Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/355096

Trust: 0.6

title: Samsung SMR Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=165706

Trust: 0.6

sources: CNVD: CNVD-2023-73943 // CNNVD: CNNVD-202110-327

EXTERNAL IDS

db: NVD, id: CVE-2021-25472

Trust: 2.3

db: CNVD, id: CNVD-2023-73943

Trust: 0.6

db: CNNVD, id: CNNVD-202110-327

Trust: 0.6

db: VULMON, id: CVE-2021-25472

Trust: 0.1

sources: CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472 // CNNVD: CNNVD-202110-327 // NVD: CVE-2021-25472

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=10

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-25472

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-73943 // VULMON: CVE-2021-25472 // CNNVD: CNNVD-202110-327 // NVD: CVE-2021-25472

SOURCES

db: CNVD, id: CNVD-2023-73943
db: VULMON, id: CVE-2021-25472
db: CNNVD, id: CNNVD-202110-327
db: NVD, id: CVE-2021-25472

LAST UPDATE DATE

2024-08-14T13:43:22.807000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-73943, date: 2023-10-01T00:00:00
db: VULMON, id: CVE-2021-25472, date: 2021-10-13T00:00:00
db: CNNVD, id: CNNVD-202110-327, date: 2022-09-26T00:00:00
db: NVD, id: CVE-2021-25472, date: 2022-09-23T19:15:06.227

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-73943, date: 2022-10-11T00:00:00
db: VULMON, id: CVE-2021-25472, date: 2021-10-06T00:00:00
db: CNNVD, id: CNNVD-202110-327, date: 2021-10-06T00:00:00
db: NVD, id: CVE-2021-25472, date: 2021-10-06T18:15:08.813