Details of VAR-202205-0504

ID

VAR-202205-0504

CVE

CVE-2022-28782

TITLE

Google of Android Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008887

DESCRIPTION

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. Google of Android Exists in unspecified vulnerabilities.Information may be tampered with. Samsung Contents To Window is a function of Samsung mobile devices that connects to the Window system. There is an access control error vulnerability in Samsung Contents To Window. This vulnerability is caused by the incorrect access verification logic in Contents To Window. An attacker could exploit this vulnerability to install packages before the installation wizard completes

Trust: 2.25

sources: NVD: CVE-2022-28782 // JVNDB: JVNDB-2022-008887 // CNVD: CNVD-2023-73901 // VULMON: CVE-2022-28782

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73901

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73901 // JVNDB: JVNDB-2022-008887 // NVD: CVE-2022-28782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-28782
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-28782
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-28782
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-73901
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202205-2008
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2022-28782
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-28782
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2023-73901
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-28782
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-28782
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-73901 // VULMON: CVE-2022-28782 // JVNDB: JVNDB-2022-008887 // CNNVD: CNNVD-202205-2008 // NVD: CVE-2022-28782 // NVD: CVE-2022-28782

PROBLEMTYPE DATA

problemtype:	CWE-424	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-008887 // NVD: CVE-2022-28782

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2008

PATCH

title:	Patch for Samsung Contents To Window access control error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356011	Trust: 0.6
title:	Samsung SMR Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=191324	Trust: 0.6

sources: CNVD: CNVD-2023-73901 // CNNVD: CNNVD-202205-2008

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28782	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-008887	Trust: 0.8
db:	CNVD	id:	CNVD-2023-73901	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2008	Trust: 0.6
db:	VULMON	id:	CVE-2022-28782	Trust: 0.1

sources: CNVD: CNVD-2023-73901 // VULMON: CVE-2022-28782 // JVNDB: JVNDB-2022-008887 // CNNVD: CNNVD-202205-2008 // NVD: CVE-2022-28782

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=5	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28782	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-28782/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-73901 // VULMON: CVE-2022-28782 // JVNDB: JVNDB-2022-008887 // CNNVD: CNNVD-202205-2008 // NVD: CVE-2022-28782

SOURCES

db:	CNVD	id:	CNVD-2023-73901
db:	VULMON	id:	CVE-2022-28782
db:	JVNDB	id:	JVNDB-2022-008887
db:	CNNVD	id:	CNNVD-202205-2008
db:	NVD	id:	CVE-2022-28782

LAST UPDATE DATE

2024-08-14T14:31:12.348000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73901	date:	2023-09-29T00:00:00
db:	VULMON	id:	CVE-2022-28782	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-008887	date:	2023-08-01T08:31:00
db:	CNNVD	id:	CNNVD-202205-2008	date:	2023-06-29T00:00:00
db:	NVD	id:	CVE-2022-28782	date:	2023-06-28T20:23:51.937

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73901	date:	2022-10-13T00:00:00
db:	VULMON	id:	CVE-2022-28782	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-008887	date:	2023-08-01T00:00:00
db:	CNNVD	id:	CNNVD-202205-2008	date:	2022-05-03T00:00:00
db:	NVD	id:	CVE-2022-28782	date:	2022-05-03T20:15:09.177