Details of VAR-202206-0664

ID

VAR-202206-0664

CVE

CVE-2022-30727

TITLE

Samsung mobile PersonaManagerService authorization issue vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-67282

DESCRIPTION

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. Samsung mobile is a mobile phone from Samsung (Samsung) in South Korea. An authorization issue vulnerability exists in Samsung mobile PersonaManagerService. The vulnerability stems from improper permission management in addAppPackageNameToAllowList. This vulnerability can be exploited by a local attacker to set some settings in the workspace

Trust: 1.53

sources: NVD: CVE-2022-30727 // CNVD: CNVD-2022-67282 // VULMON: CVE-2022-30727

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-67282

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-67282 // NVD: CVE-2022-30727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30727
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30727
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2022-67282
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202206-694
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2022-30727
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-30727
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-67282
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-30727
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30727
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-67282 // VULMON: CVE-2022-30727 // CNNVD: CNNVD-202206-694 // NVD: CVE-2022-30727 // NVD: CVE-2022-30727

PROBLEMTYPE DATA

problemtype:	CWE-280	Trust: 1.0
problemtype:	CWE-755	Trust: 1.0

sources: NVD: CVE-2022-30727

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-694

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-694

PATCH

title:	Patch for Samsung mobile PersonaManagerService authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/353841	Trust: 0.6
title:	Samsung mobile Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195420	Trust: 0.6

sources: CNVD: CNVD-2022-67282 // CNNVD: CNNVD-202206-694

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30727	Trust: 2.3
db:	CNVD	id:	CNVD-2022-67282	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-694	Trust: 0.6
db:	VULMON	id:	CVE-2022-30727	Trust: 0.1

sources: CNVD: CNVD-2022-67282 // VULMON: CVE-2022-30727 // CNNVD: CNNVD-202206-694 // NVD: CVE-2022-30727

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=6	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30727	Trust: 1.2
url:	https://cxsecurity.com/cveshow/cve-2022-30727/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/755.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-67282 // VULMON: CVE-2022-30727 // CNNVD: CNNVD-202206-694 // NVD: CVE-2022-30727

SOURCES

db:	CNVD	id:	CNVD-2022-67282
db:	VULMON	id:	CVE-2022-30727
db:	CNNVD	id:	CNNVD-202206-694
db:	NVD	id:	CVE-2022-30727

LAST UPDATE DATE

2024-08-14T13:42:44.042000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-67282	date:	2022-10-08T00:00:00
db:	VULMON	id:	CVE-2022-30727	date:	2022-06-11T00:00:00
db:	CNNVD	id:	CNNVD-202206-694	date:	2022-06-13T00:00:00
db:	NVD	id:	CVE-2022-30727	date:	2022-06-11T02:06:18.820

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-67282	date:	2022-10-08T00:00:00
db:	VULMON	id:	CVE-2022-30727	date:	2022-06-07T00:00:00
db:	CNNVD	id:	CNNVD-202206-694	date:	2022-06-07T00:00:00
db:	NVD	id:	CVE-2022-30727	date:	2022-06-07T19:15:09.693