Details of VAR-202201-0998

ID

VAR-202201-0998

CVE

CVE-2022-22272

TITLE

Android Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002950

DESCRIPTION

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. Android Exists in a fraudulent authentication vulnerability.Information may be obtained. Samsung TelephonyManager is an application for Samsung mobile devices. Samsung TelephonyManager has an authorization error vulnerability. This vulnerability is caused by improper authorization in TelephonyManager. An attacker can use this vulnerability to obtain IMSI without READ_PRIVILEGED_PHONE_STATE permission

Trust: 2.25

sources: NVD: CVE-2022-22272 // JVNDB: JVNDB-2022-002950 // CNVD: CNVD-2023-95329 // VULMON: CVE-2022-22272

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-95329

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-95329 // JVNDB: JVNDB-2022-002950 // NVD: CVE-2022-22272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22272
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22272
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22272
value:	LOW
Trust: 0.8
CNVD:	CNVD-2023-95329
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202201-621
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-22272
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-22272
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2023-95329
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-22272
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22272
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22272
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-95329 // VULMON: CVE-2022-22272 // JVNDB: JVNDB-2022-002950 // CNNVD: CNNVD-202201-621 // NVD: CVE-2022-22272 // NVD: CVE-2022-22272

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002950 // NVD: CVE-2022-22272

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-621

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-621

PATCH

title:	top page	url:	https://www.android.com/	Trust: 0.8
title:	Patch for Samsung TelephonyManager Authorization Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/494481	Trust: 0.6
title:	Samsung SMR Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=178088	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2023-95329 // VULMON: CVE-2022-22272 // JVNDB: JVNDB-2022-002950 // CNNVD: CNNVD-202201-621

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22272	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-002950	Trust: 0.8
db:	CNVD	id:	CNVD-2023-95329	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-621	Trust: 0.6
db:	VULMON	id:	CVE-2022-22272	Trust: 0.1

sources: CNVD: CNVD-2023-95329 // VULMON: CVE-2022-22272 // JVNDB: JVNDB-2022-002950 // CNNVD: CNNVD-202201-621 // NVD: CVE-2022-22272

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=1	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22272	Trust: 2.0
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: CNVD: CNVD-2023-95329 // VULMON: CVE-2022-22272 // JVNDB: JVNDB-2022-002950 // CNNVD: CNNVD-202201-621 // NVD: CVE-2022-22272

SOURCES

db:	CNVD	id:	CNVD-2023-95329
db:	VULMON	id:	CVE-2022-22272
db:	JVNDB	id:	JVNDB-2022-002950
db:	CNNVD	id:	CNNVD-202201-621
db:	NVD	id:	CVE-2022-22272

LAST UPDATE DATE

2024-11-23T23:10:59.136000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-95329	date:	2023-12-05T00:00:00
db:	VULMON	id:	CVE-2022-22272	date:	2023-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-002950	date:	2023-01-31T04:38:00
db:	CNNVD	id:	CNNVD-202201-621	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-22272	date:	2024-11-21T06:46:32.007

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-95329	date:	2022-10-12T00:00:00
db:	VULMON	id:	CVE-2022-22272	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002950	date:	2023-01-31T00:00:00
db:	CNNVD	id:	CNNVD-202201-621	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2022-22272	date:	2022-01-10T14:12:42.453