ID

VAR-202203-1012


CVE

CVE-2022-24932


TITLE

Google  of  Android  Vulnerabilities in Products from Other Vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-006591

DESCRIPTION

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. Google of Android Products from other vendors have unspecified vulnerabilities.Information may be tampered with. The Samsung Setup wizard process is an installation wizard for Samsung mobile devices. An attacker can exploit this vulnerability to install before the security wizard is completed

Trust: 2.16

sources: NVD: CVE-2022-24932 // JVNDB: JVNDB-2022-006591 // CNVD: CNVD-2023-73910

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-73910

AFFECTED PRODUCTS

vendor:samsungmodel:cloudscope:ltversion:5.1.0.8

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:12.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:10.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:11.0

Trust: 1.0

vendor:サムスンmodel:samsung cloudscope: - version: -

Trust: 0.8

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:samsungmodel:mobile devices qscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices rscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices sscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // NVD: CVE-2022-24932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24932
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-24932
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-24932
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-73910
value: LOW

Trust: 0.6

CNNVD: CNNVD-202203-896
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-24932
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2023-73910
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-24932
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-24932
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-24932
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // CNNVD: CNNVD-202203-896 // NVD: CVE-2022-24932 // NVD: CVE-2022-24932

PROBLEMTYPE DATA

problemtype:CWE-424

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006591 // NVD: CVE-2022-24932

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-896

PATCH

title:Patch for Samsung Setup wizard process alternative path improper protection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/355761

Trust: 0.6

title:Samsung Setup wizard process Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=186182

Trust: 0.6

sources: CNVD: CNVD-2023-73910 // CNNVD: CNNVD-202203-896

EXTERNAL IDS

db:NVDid:CVE-2022-24932

Trust: 3.8

db:JVNDBid:JVNDB-2022-006591

Trust: 0.8

db:CNVDid:CNVD-2023-73910

Trust: 0.6

db:CNNVDid:CNNVD-202203-896

Trust: 0.6

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // CNNVD: CNNVD-202203-896 // NVD: CVE-2022-24932

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=3

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-24932

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-24932/

Trust: 0.6

sources: CNVD: CNVD-2023-73910 // JVNDB: JVNDB-2022-006591 // CNNVD: CNNVD-202203-896 // NVD: CVE-2022-24932

SOURCES

db:CNVDid:CNVD-2023-73910
db:JVNDBid:JVNDB-2022-006591
db:CNNVDid:CNNVD-202203-896
db:NVDid:CVE-2022-24932

LAST UPDATE DATE

2024-08-14T14:18:03.191000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-73910date:2023-09-30T00:00:00
db:JVNDBid:JVNDB-2022-006591date:2023-07-06T08:11:00
db:CNNVDid:CNNVD-202203-896date:2023-06-28T00:00:00
db:NVDid:CVE-2022-24932date:2023-06-27T19:01:45.197

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-73910date:2022-10-12T00:00:00
db:JVNDBid:JVNDB-2022-006591date:2023-07-06T00:00:00
db:CNNVDid:CNNVD-202203-896date:2022-03-10T00:00:00
db:NVDid:CVE-2022-24932date:2022-03-10T17:46:57.560