Details of VAR-202203-1012

ID

VAR-202203-1012

CVE

CVE-2022-24932

TITLE

Google of Android Vulnerabilities in Products from Other Vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-006591

DESCRIPTION

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. Google of Android Products from other vendors have unspecified vulnerabilities.Information may be tampered with. The Samsung Setup wizard process is an installation wizard for Samsung mobile devices. An attacker can exploit this vulnerability to install before the security wizard is completed

Trust: 2.16

sources: NVD: CVE-2022-24932 // JVNDB: JVNDB-2022-006591 // CNVD: CNVD-2023-73910

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73910

AFFECTED PRODUCTS

vendor:	samsung	model:	cloud	scope:	lt	version:	5.1.0.8	Trust: 1.6
vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	サムスン	model:	samsung cloud	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // NVD: CVE-2022-24932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24932
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-24932
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-24932
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-73910
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202203-896
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-24932
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2023-73910
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-24932
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-24932
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.5
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24932
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // CNNVD: CNNVD-202203-896 // NVD: CVE-2022-24932 // NVD: CVE-2022-24932

PROBLEMTYPE DATA

problemtype:	CWE-424	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006591 // NVD: CVE-2022-24932

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-896

PATCH

title:	Patch for Samsung Setup wizard process alternative path improper protection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355761	Trust: 0.6
title:	Samsung Setup wizard process Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=186182	Trust: 0.6

sources: CNVD: CNVD-2023-73910 // CNNVD: CNNVD-202203-896

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24932	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-006591	Trust: 0.8
db:	CNVD	id:	CNVD-2023-73910	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-896	Trust: 0.6

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // CNNVD: CNNVD-202203-896 // NVD: CVE-2022-24932

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=3	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24932	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-24932/	Trust: 0.6

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // CNNVD: CNNVD-202203-896 // NVD: CVE-2022-24932

SOURCES

db:	CNVD	id:	CNVD-2023-73910
db:	JVNDB	id:	JVNDB-2022-006591
db:	CNNVD	id:	CNNVD-202203-896
db:	NVD	id:	CVE-2022-24932

LAST UPDATE DATE

2024-08-14T14:18:03.191000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73910	date:	2023-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-006591	date:	2023-07-06T08:11:00
db:	CNNVD	id:	CNNVD-202203-896	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-24932	date:	2023-06-27T19:01:45.197

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73910	date:	2022-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-006591	date:	2023-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202203-896	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-24932	date:	2022-03-10T17:46:57.560