ID

VAR-202205-0075


CVE

CVE-2022-28781


TITLE

Input validation vulnerability in Google Android

Trust: 0.8

sources: JVNDB: JVNDB-2022-008888

DESCRIPTION

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. Google Android contains an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Samsung Settings is the settings function of Samsung mobile devices. There is an input validation error vulnerability in Samsung Settings. The vulnerability is caused by incorrect input validation logic in Settings. An attacker could exploit this vulnerability to launch arbitrary activities with system privileges.

Trust: 2.25

sources: NVD: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-73907

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.8

vendor: google, model: android, scope: eq, version: 12.0

Trust: 1.8

vendor: google, model: android, scope: eq, version: -

Trust: 0.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: samsung, model: mobile devices r, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices s, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-73907 // JVNDB: JVNDB-2022-008888 // NVD: CVE-2022-28781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28781
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28781
value: HIGH

Trust: 1.0

NVD: CVE-2022-28781
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-73907
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202205-2010
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-28781
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-28781
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2023-73907
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-28781
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28781
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-28781
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNNVD: CNNVD-202205-2010 // NVD: CVE-2022-28781 // NVD: CVE-2022-28781

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008888 // NVD: CVE-2022-28781

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2010

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2010

PATCH

title: Patch for Samsung Settings input validation error vulnerability (CNVD-2023-73907), url: https://www.cnvd.org.cn/patchInfo/show/356056

Trust: 0.6

title: Fix for Samsung SMR input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192413

Trust: 0.6

sources: CNVD: CNVD-2023-73907 // CNNVD: CNNVD-202205-2010

EXTERNAL IDS

db: NVD, id: CVE-2022-28781

Trust: 3.9

db: JVNDB, id: JVNDB-2022-008888

Trust: 0.8

db: CNVD, id: CNVD-2023-73907

Trust: 0.6

db: CNNVD, id: CNNVD-202205-2010

Trust: 0.6

db: VULMON, id: CVE-2022-28781

Trust: 0.1

sources: CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNNVD: CNNVD-202205-2010 // NVD: CVE-2022-28781

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=5

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-28781

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-28781/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-73907 // VULMON: CVE-2022-28781 // JVNDB: JVNDB-2022-008888 // CNNVD: CNNVD-202205-2010 // NVD: CVE-2022-28781

SOURCES

db: CNVD, id: CNVD-2023-73907
db: VULMON, id: CVE-2022-28781
db: JVNDB, id: JVNDB-2022-008888
db: CNNVD, id: CNNVD-202205-2010
db: NVD, id: CVE-2022-28781

LAST UPDATE DATE

2024-08-14T13:42:48.092000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-73907, date: 2023-09-29T00:00:00
db: VULMON, id: CVE-2022-28781, date: 2022-05-11T00:00:00
db: JVNDB, id: JVNDB-2022-008888, date: 2023-08-01T08:31:00
db: CNNVD, id: CNNVD-202205-2010, date: 2022-05-12T00:00:00
db: NVD, id: CVE-2022-28781, date: 2022-05-11T17:22:50.827

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-73907, date: 2022-10-13T00:00:00
db: VULMON, id: CVE-2022-28781, date: 2022-05-03T00:00:00
db: JVNDB, id: JVNDB-2022-008888, date: 2023-08-01T00:00:00
db: CNNVD, id: CNNVD-202205-2010, date: 2022-05-03T00:00:00
db: NVD, id: CVE-2022-28781, date: 2022-05-03T20:15:09.117