ID

VAR-202203-0319


CVE

CVE-2022-25820


TITLE

Google Android vulnerability in improperly limiting excessive authentication attempts in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006573

DESCRIPTION

A vulnerable design in the fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform a brute-force attack on the screen lock password. Google Android is vulnerable to improper restriction of excessive authentication attempts. Information may be obtained. The Samsung fingerprint matching algorithm is the fingerprint matching algorithm used on Samsung mobile devices. It contains a design error vulnerability, which is due to the improper design of the failure counting algorithm.

Trust: 2.16

sources: NVD: CVE-2022-25820 // JVNDB: JVNDB-2022-006573 // CNVD: CNVD-2022-84070

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-84070

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.8

vendor: google, model: android, scope: eq, version: 12.0

Trust: 1.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: google, model: android, scope: eq, version: -

Trust: 0.8

vendor: samsung, model: mobile devices r, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices s, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-84070 // JVNDB: JVNDB-2022-006573 // NVD: CVE-2022-25820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25820
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-25820
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-25820
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-84070
value: LOW

Trust: 0.6

CNNVD: CNNVD-202203-866
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-25820
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-84070
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-25820
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-25820
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-25820
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-84070 // JVNDB: JVNDB-2022-006573 // CNNVD: CNNVD-202203-866 // NVD: CVE-2022-25820 // NVD: CVE-2022-25820

PROBLEMTYPE DATA

problemtype: CWE-307

Trust: 1.0

problemtype: Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006573 // NVD: CVE-2022-25820

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-866

PATCH

title: Patch for Samsung fingerprint matching algorithm design error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/355716

Trust: 0.6

title: Samsung fingerprint matching algorithm security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186082

Trust: 0.6

sources: CNVD: CNVD-2022-84070 // CNNVD: CNNVD-202203-866

EXTERNAL IDS

db: NVD, id: CVE-2022-25820

Trust: 3.8

db: JVNDB, id: JVNDB-2022-006573

Trust: 0.8

db: CNVD, id: CNVD-2022-84070

Trust: 0.6

db: CNNVD, id: CNNVD-202203-866

Trust: 0.6

sources: CNVD: CNVD-2022-84070 // JVNDB: JVNDB-2022-006573 // CNNVD: CNNVD-202203-866 // NVD: CVE-2022-25820

REFERENCES

url: https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=3

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2022-25820

Trust: 1.4

url: https://cxsecurity.com/cveshow/cve-2022-25820/

Trust: 0.6

sources: CNVD: CNVD-2022-84070 // JVNDB: JVNDB-2022-006573 // CNNVD: CNNVD-202203-866 // NVD: CVE-2022-25820

SOURCES

db: CNVD, id: CNVD-2022-84070
db: JVNDB, id: JVNDB-2022-006573
db: CNNVD, id: CNNVD-202203-866
db: NVD, id: CVE-2022-25820

LAST UPDATE DATE

2024-08-14T15:27:24.852000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-84070, date: 2022-12-02T00:00:00
db: JVNDB, id: JVNDB-2022-006573, date: 2023-07-06T08:10:00
db: CNNVD, id: CNNVD-202203-866, date: 2022-03-17T00:00:00
db: NVD, id: CVE-2022-25820, date: 2022-03-16T03:35:55.603

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-84070, date: 2022-10-12T00:00:00
db: JVNDB, id: JVNDB-2022-006573, date: 2023-07-06T00:00:00
db: CNNVD, id: CNNVD-202203-866, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2022-25820, date: 2022-03-10T17:47:20.677