Details of VAR-202205-0075

ID

VAR-202205-0075

CVE

CVE-2022-28781

TITLE

Google of Android Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008888

DESCRIPTION

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. Google of Android There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung Settings is the settings function of Samsung mobile devices. There is an input validation error vulnerability in Samsung Settings. The vulnerability is caused by incorrect input validation logic in Settings. An attacker could exploit this vulnerability to initiate arbitrary activity with system privileges

Trust: 2.25

sources: NVD: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73907

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73907 // JVNDB: JVNDB-2022-008888 // NVD: CVE-2022-28781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-28781
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-28781
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-28781
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-73907
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202205-2010
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2022-28781
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-28781
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2023-73907
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-28781
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-28781
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-28781
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNNVD: CNNVD-202205-2010 // NVD: CVE-2022-28781 // NVD: CVE-2022-28781

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-008888 // NVD: CVE-2022-28781

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2010

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2010

PATCH

title:	Patch for Samsung Settings input validation error vulnerability (CNVD-2023-73907)	url:	https://www.cnvd.org.cn/patchInfo/show/356056	Trust: 0.6
title:	Samsung SMR Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192413	Trust: 0.6

sources: CNVD: CNVD-2023-73907 // CNNVD: CNNVD-202205-2010

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28781	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-008888	Trust: 0.8
db:	CNVD	id:	CNVD-2023-73907	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2010	Trust: 0.6
db:	VULMON	id:	CVE-2022-28781	Trust: 0.1

sources: CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNNVD: CNNVD-202205-2010 // NVD: CVE-2022-28781

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=5	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28781	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-28781/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNNVD: CNNVD-202205-2010 // NVD: CVE-2022-28781

SOURCES

db:	CNVD	id:	CNVD-2023-73907
db:	VULMON	id:	CVE-2022-28781
db:	JVNDB	id:	JVNDB-2022-008888
db:	CNNVD	id:	CNNVD-202205-2010
db:	NVD	id:	CVE-2022-28781

LAST UPDATE DATE

2024-08-14T13:42:48.092000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73907	date:	2023-09-29T00:00:00
db:	VULMON	id:	CVE-2022-28781	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-008888	date:	2023-08-01T08:31:00
db:	CNNVD	id:	CNNVD-202205-2010	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-28781	date:	2022-05-11T17:22:50.827

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73907	date:	2022-10-13T00:00:00
db:	VULMON	id:	CVE-2022-28781	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-008888	date:	2023-08-01T00:00:00
db:	CNNVD	id:	CNNVD-202205-2010	date:	2022-05-03T00:00:00
db:	NVD	id:	CVE-2022-28781	date:	2022-05-03T20:15:09.117