ID

VAR-202207-0707


CVE

CVE-2022-33698


TITLE

Samsung Telecom application information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-76486

DESCRIPTION

Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. Samsung Telecom application is an application for Samsung (Samsung) mobile devices. An attacker could exploit this vulnerability to access the ICCID through logs

Trust: 1.53

sources: NVD: CVE-2022-33698 // CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-76486

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:12.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:10.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:11.0

Trust: 1.0

vendor:samsungmodel:mobile devices qscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices rscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices sscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-76486 // NVD: CVE-2022-33698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33698
value: LOW

Trust: 1.0

mobile.security@samsung.com: CVE-2022-33698
value: LOW

Trust: 1.0

CNVD: CNVD-2022-76486
value: LOW

Trust: 0.6

CNNVD: CNNVD-202207-1014
value: LOW

Trust: 0.6

VULMON: CVE-2022-33698
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-33698
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-76486
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-33698
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698 // CNNVD: CNNVD-202207-1014 // NVD: CVE-2022-33698 // NVD: CVE-2022-33698

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-668

Trust: 1.0

sources: NVD: CVE-2022-33698

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1014

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1014

PATCH

title:Patch for Samsung Telecom application information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/356801

Trust: 0.6

title:SAMSUNG Mobile devices Telecom application Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200402

Trust: 0.6

sources: CNVD: CNVD-2022-76486 // CNNVD: CNNVD-202207-1014

EXTERNAL IDS

db:NVDid:CVE-2022-33698

Trust: 2.3

db:CNVDid:CNVD-2022-76486

Trust: 0.6

db:CNNVDid:CNNVD-202207-1014

Trust: 0.6

db:VULMONid:CVE-2022-33698

Trust: 0.1

sources: CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698 // CNNVD: CNNVD-202207-1014 // NVD: CVE-2022-33698

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-33698

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-33698/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/668.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-76486 // VULMON: CVE-2022-33698 // CNNVD: CNNVD-202207-1014 // NVD: CVE-2022-33698

SOURCES

db:CNVDid:CNVD-2022-76486
db:VULMONid:CVE-2022-33698
db:CNNVDid:CNNVD-202207-1014
db:NVDid:CVE-2022-33698

LAST UPDATE DATE

2024-08-14T15:42:21.963000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-76486date:2022-11-11T00:00:00
db:VULMONid:CVE-2022-33698date:2022-07-16T00:00:00
db:CNNVDid:CNNVD-202207-1014date:2022-07-18T00:00:00
db:NVDid:CVE-2022-33698date:2022-07-16T03:15:02.857

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-76486date:2022-10-14T00:00:00
db:VULMONid:CVE-2022-33698date:2022-07-12T00:00:00
db:CNNVDid:CNNVD-202207-1014date:2022-07-12T00:00:00
db:NVDid:CVE-2022-33698date:2022-07-12T14:15:17.760