Details of VAR-202206-0776

ID

VAR-202206-0776

CVE

CVE-2022-30726

TITLE

Samsung mobile SecSettingsIntelligence Unprotected Component Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-73897

DESCRIPTION

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. Samsung mobile is a mobile phone produced by the South Korean company Samsung. There is an unprotected component vulnerability in Samsung mobile SecSettingsIntelligence. The vulnerability is caused by the existence of unprotected components in DeviceSearchTrampoline

Trust: 1.44

sources: NVD: CVE-2022-30726 // CNVD: CNVD-2023-73897

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73897

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	samsung	model:	s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73897 // NVD: CVE-2022-30726

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30726
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30726
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2023-73897
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202206-698
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-30726
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2023-73897
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-30726
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30726
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2023-73897 // CNNVD: CNNVD-202206-698 // NVD: CVE-2022-30726 // NVD: CVE-2022-30726

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2022-30726

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-698

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-698

PATCH

title:	Patch for Samsung mobile SecSettingsIntelligence Unprotected Component Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/353831	Trust: 0.6
title:	Samsung mobile Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195803	Trust: 0.6

sources: CNVD: CNVD-2023-73897 // CNNVD: CNNVD-202206-698

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30726	Trust: 2.2
db:	CNVD	id:	CNVD-2023-73897	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-698	Trust: 0.6

sources: CNVD: CNVD-2023-73897 // CNNVD: CNNVD-202206-698 // NVD: CVE-2022-30726

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=6	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30726	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30726/	Trust: 0.6

sources: CNVD: CNVD-2023-73897 // CNNVD: CNNVD-202206-698 // NVD: CVE-2022-30726

SOURCES

db:	CNVD	id:	CNVD-2023-73897
db:	CNNVD	id:	CNNVD-202206-698
db:	NVD	id:	CVE-2022-30726

LAST UPDATE DATE

2024-08-14T15:06:21.996000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73897	date:	2023-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202206-698	date:	2022-06-13T00:00:00
db:	NVD	id:	CVE-2022-30726	date:	2022-06-11T02:05:06.087

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73897	date:	2022-08-17T00:00:00
db:	CNNVD	id:	CNNVD-202206-698	date:	2022-06-07T00:00:00
db:	NVD	id:	CVE-2022-30726	date:	2022-06-07T18:15:12.970