Details of VAR-202203-0318

ID

VAR-202203-0318

CVE

CVE-2022-25815

TITLE

Google of Android Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006578

DESCRIPTION

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Google of Android Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung Weather application is an application for Samsung mobile devices to obtain weather forecast information. The vulnerability stems from the unauthorized access in the Samsung Weather application

Trust: 2.16

sources: NVD: CVE-2022-25815 // JVNDB: JVNDB-2022-006578 // CNVD: CNVD-2022-84071

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-84071

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-84071 // JVNDB: JVNDB-2022-006578 // NVD: CVE-2022-25815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25815
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25815
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-25815
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-84071
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202203-868
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-25815
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-84071
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-25815
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25815
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25815
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-84071 // JVNDB: JVNDB-2022-006578 // CNNVD: CNNVD-202203-868 // NVD: CVE-2022-25815 // NVD: CVE-2022-25815

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006578 // NVD: CVE-2022-25815

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-868

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-868

PATCH

title:	Patch for Samsung Weather application hijacking vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355726	Trust: 0.6
title:	Samsung Weather application Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186083	Trust: 0.6

sources: CNVD: CNVD-2022-84071 // CNNVD: CNNVD-202203-868

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25815	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-006578	Trust: 0.8
db:	CNVD	id:	CNVD-2022-84071	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-868	Trust: 0.6

sources: CNVD: CNVD-2022-84071 // JVNDB: JVNDB-2022-006578 // CNNVD: CNNVD-202203-868 // NVD: CVE-2022-25815

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=3	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25815	Trust: 2.0
url:	https://cxsecurity.com/cveshow/cve-2022-25815/	Trust: 0.6

sources: CNVD: CNVD-2022-84071 // JVNDB: JVNDB-2022-006578 // CNNVD: CNNVD-202203-868 // NVD: CVE-2022-25815

SOURCES

db:	CNVD	id:	CNVD-2022-84071
db:	JVNDB	id:	JVNDB-2022-006578
db:	CNNVD	id:	CNNVD-202203-868
db:	NVD	id:	CVE-2022-25815

LAST UPDATE DATE

2024-08-14T13:22:37.222000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-84071	date:	2022-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-006578	date:	2023-07-06T08:10:00
db:	CNNVD	id:	CNNVD-202203-868	date:	2022-03-17T00:00:00
db:	NVD	id:	CVE-2022-25815	date:	2022-03-16T03:38:53.810

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-84071	date:	2022-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-006578	date:	2023-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202203-868	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-25815	date:	2022-03-10T17:47:17.383