Details of VAR-202207-0704

ID

VAR-202207-0704

CVE

CVE-2022-30755

TITLE

Samsung App lock Authentication Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-69737

DESCRIPTION

Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. Samsung App lock is an application for Samsung (Samsung) mobile devices, which can protect your privacy with password lock, pattern lock, fingerprint lock

Trust: 1.53

sources: NVD: CVE-2022-30755 // CNVD: CNVD-2022-69737 // VULMON: CVE-2022-30755

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-69737

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-69737 // NVD: CVE-2022-30755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30755
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30755
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-69737
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202207-1057
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-30755
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-30755
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-69737
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-30755
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30755
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-69737 // VULMON: CVE-2022-30755 // CNNVD: CNNVD-202207-1057 // NVD: CVE-2022-30755 // NVD: CVE-2022-30755

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.0

sources: NVD: CVE-2022-30755

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1057

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202207-1057

PATCH

title:	Patch for Samsung App lock Authentication Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356361	Trust: 0.6
title:	SAMSUNG Mobile devices App lock Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200428	Trust: 0.6

sources: CNVD: CNVD-2022-69737 // CNNVD: CNNVD-202207-1057

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30755	Trust: 2.3
db:	CNVD	id:	CNVD-2022-69737	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1057	Trust: 0.6
db:	VULMON	id:	CVE-2022-30755	Trust: 0.1

sources: CNVD: CNVD-2022-69737 // VULMON: CVE-2022-30755 // CNNVD: CNNVD-202207-1057 // NVD: CVE-2022-30755

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30755	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30755/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-69737 // VULMON: CVE-2022-30755 // CNNVD: CNNVD-202207-1057 // NVD: CVE-2022-30755

SOURCES

db:	CNVD	id:	CNVD-2022-69737
db:	VULMON	id:	CVE-2022-30755
db:	CNNVD	id:	CNNVD-202207-1057
db:	NVD	id:	CVE-2022-30755

LAST UPDATE DATE

2024-08-14T13:42:36.286000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-69737	date:	2022-10-19T00:00:00
db:	VULMON	id:	CVE-2022-30755	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1057	date:	2022-07-19T00:00:00
db:	NVD	id:	CVE-2022-30755	date:	2022-07-16T03:52:45.677

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-69737	date:	2022-10-19T00:00:00
db:	VULMON	id:	CVE-2022-30755	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1057	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-30755	date:	2022-07-12T14:15:16.190