Details of VAR-202201-1691

ID

VAR-202201-1691

CVE

CVE-2022-22269

TITLE

Android Vulnerability in externally accessible files or directories in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002957

DESCRIPTION

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. Android Exists in a vulnerability in externally accessible files or directories.Information may be obtained. Samsung BluetoothSettingsProvider is the Bluetooth function of Samsung mobile devices. There is an information disclosure vulnerability in Samsung BluetoothSettingsProvider. The vulnerability is caused by sensitive data being stored in the unprotected BluetoothSettingsProvider. An attacker can use this vulnerability to obtain the local Bluetooth MAC address

Trust: 2.25

sources: NVD: CVE-2022-22269 // JVNDB: JVNDB-2022-002957 // CNVD: CNVD-2023-95327 // VULMON: CVE-2022-22269

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-95327

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-95327 // JVNDB: JVNDB-2022-002957 // NVD: CVE-2022-22269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22269
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22269
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22269
value:	LOW
Trust: 0.8
CNVD:	CNVD-2023-95327
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202201-618
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-22269
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-22269
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2023-95327
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-22269
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22269
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22269
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-95327 // VULMON: CVE-2022-22269 // JVNDB: JVNDB-2022-002957 // CNNVD: CNNVD-202201-618 // NVD: CVE-2022-22269 // NVD: CVE-2022-22269

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.0
problemtype:	CWE-552	Trust: 1.0
problemtype:	Externally accessible file or directory (CWE-552) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002957 // NVD: CVE-2022-22269

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-618

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-618

PATCH

title:	top page	url:	https://www.android.com/	Trust: 0.8
title:	Patch for Samsung BluetoothSettingsProvider information leakage vulnerability (Bluetooth MAC)	url:	https://www.cnvd.org.cn/patchInfo/show/355486	Trust: 0.6
title:	Samsung SMR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178085	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2023-95327 // VULMON: CVE-2022-22269 // JVNDB: JVNDB-2022-002957 // CNNVD: CNNVD-202201-618

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22269	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-002957	Trust: 0.8
db:	CNVD	id:	CNVD-2023-95327	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-618	Trust: 0.6
db:	VULMON	id:	CVE-2022-22269	Trust: 0.1

sources: CNVD: CNVD-2023-95327 // VULMON: CVE-2022-22269 // JVNDB: JVNDB-2022-002957 // CNNVD: CNNVD-202201-618 // NVD: CVE-2022-22269

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=1	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22269	Trust: 2.0
url:	https://cwe.mitre.org/data/definitions/552.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: CNVD: CNVD-2023-95327 // VULMON: CVE-2022-22269 // JVNDB: JVNDB-2022-002957 // CNNVD: CNNVD-202201-618 // NVD: CVE-2022-22269

SOURCES

db:	CNVD	id:	CNVD-2023-95327
db:	VULMON	id:	CVE-2022-22269
db:	JVNDB	id:	JVNDB-2022-002957
db:	CNNVD	id:	CNNVD-202201-618
db:	NVD	id:	CVE-2022-22269

LAST UPDATE DATE

2024-08-14T15:01:09.067000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-95327	date:	2023-12-05T00:00:00
db:	VULMON	id:	CVE-2022-22269	date:	2022-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-002957	date:	2023-01-31T05:26:00
db:	CNNVD	id:	CNNVD-202201-618	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-22269	date:	2022-01-15T02:20:13.473

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-95327	date:	2022-10-12T00:00:00
db:	VULMON	id:	CVE-2022-22269	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002957	date:	2023-01-31T00:00:00
db:	CNNVD	id:	CNNVD-202201-618	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2022-22269	date:	2022-01-10T14:12:40.230