Details of VAR-202207-0707

ID

VAR-202207-0707

CVE

CVE-2022-33698

TITLE

Samsung Telecom application information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-76486

DESCRIPTION

Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. Samsung Telecom application is an application for Samsung (Samsung) mobile devices. An attacker could exploit this vulnerability to access the ICCID through logs

Trust: 1.53

sources: NVD: CVE-2022-33698 // CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-76486

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-76486 // NVD: CVE-2022-33698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33698
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33698
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-76486
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-1014
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-33698
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-33698
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-76486
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-33698
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698 // CNNVD: CNNVD-202207-1014 // NVD: CVE-2022-33698 // NVD: CVE-2022-33698

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-668	Trust: 1.0

sources: NVD: CVE-2022-33698

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1014

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1014

PATCH

title:	Patch for Samsung Telecom application information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356801	Trust: 0.6
title:	SAMSUNG Mobile devices Telecom application Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200402	Trust: 0.6

sources: CNVD: CNVD-2022-76486 // CNNVD: CNNVD-202207-1014

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33698	Trust: 2.3
db:	CNVD	id:	CNVD-2022-76486	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1014	Trust: 0.6
db:	VULMON	id:	CVE-2022-33698	Trust: 0.1

sources: CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698 // CNNVD: CNNVD-202207-1014 // NVD: CVE-2022-33698

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33698	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-33698/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698 // CNNVD: CNNVD-202207-1014 // NVD: CVE-2022-33698

SOURCES

db:	CNVD	id:	CNVD-2022-76486
db:	VULMON	id:	CVE-2022-33698
db:	CNNVD	id:	CNNVD-202207-1014
db:	NVD	id:	CVE-2022-33698

LAST UPDATE DATE

2024-08-14T15:42:21.963000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-76486	date:	2022-11-11T00:00:00
db:	VULMON	id:	CVE-2022-33698	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1014	date:	2022-07-18T00:00:00
db:	NVD	id:	CVE-2022-33698	date:	2022-07-16T03:15:02.857

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-76486	date:	2022-10-14T00:00:00
db:	VULMON	id:	CVE-2022-33698	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1014	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-33698	date:	2022-07-12T14:15:17.760