Details of VAR-202203-1029

ID

VAR-202203-1029

CVE

CVE-2022-25816

TITLE

Google of Android Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006577

DESCRIPTION

Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication. Google of Android There is an authentication vulnerability in.Information may be tampered with. The vulnerability is caused by the lack of authentication measures or insufficient authentication strength in the network system or product

Trust: 2.16

sources: NVD: CVE-2022-25816 // JVNDB: JVNDB-2022-006577 // CNVD: CNVD-2023-73912

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73912

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73912 // JVNDB: JVNDB-2022-006577 // NVD: CVE-2022-25816

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25816
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25816
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-25816
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-73912
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202203-865
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-25816
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2023-73912
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-25816
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25816
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.7
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25816
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-73912 // JVNDB: JVNDB-2022-006577 // CNNVD: CNNVD-202203-865 // NVD: CVE-2022-25816 // NVD: CVE-2022-25816

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006577 // NVD: CVE-2022-25816

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202203-865

PATCH

title:	Patch for Samsung Lock and mask apps setting authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355781	Trust: 0.6
title:	Samsung Lock and mask apps setting Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186081	Trust: 0.6

sources: CNVD: CNVD-2023-73912 // CNNVD: CNNVD-202203-865

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25816	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-006577	Trust: 0.8
db:	CNVD	id:	CNVD-2023-73912	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-865	Trust: 0.6

sources: CNVD: CNVD-2023-73912 // JVNDB: JVNDB-2022-006577 // CNNVD: CNNVD-202203-865 // NVD: CVE-2022-25816

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=3	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25816	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-25816/	Trust: 0.6

sources: CNVD: CNVD-2023-73912 // JVNDB: JVNDB-2022-006577 // CNNVD: CNNVD-202203-865 // NVD: CVE-2022-25816

SOURCES

db:	CNVD	id:	CNVD-2023-73912
db:	JVNDB	id:	JVNDB-2022-006577
db:	CNNVD	id:	CNNVD-202203-865
db:	NVD	id:	CVE-2022-25816

LAST UPDATE DATE

2024-08-14T15:27:24.313000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73912	date:	2023-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-006577	date:	2023-07-06T08:10:00
db:	CNNVD	id:	CNNVD-202203-865	date:	2022-03-17T00:00:00
db:	NVD	id:	CVE-2022-25816	date:	2022-03-16T03:38:27.100

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73912	date:	2022-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-006577	date:	2023-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202203-865	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-25816	date:	2022-03-10T17:47:18.067