ID

VAR-202207-0710


CVE

CVE-2022-33704


TITLE

Samsung KnoxSDK Input Validation Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-76482

DESCRIPTION

Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Samsung KnoxSDK is a security solution from Samsung of South Korea, based on the open source Android platform. It comprehensively enhances security through a combination of physical means and software systems, and brings industry-leading enterprise mobility security solutions to individual employees. The input validation error vulnerability in Samsung KnoxSDK stems from the lack of correct validation logic in ucmRetParcelable in KnoxSDK.

Trust: 1.53

sources: NVD: CVE-2022-33704 // CNVD: CNVD-2022-76482 // VULMON: CVE-2022-33704

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-76482

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 12.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 10.0

Trust: 1.0

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.0

vendor: samsung, model: mobile devices q, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices r, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile devices s, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-76482 // NVD: CVE-2022-33704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33704
value: HIGH

Trust: 1.0

mobile.security@samsung.com: CVE-2022-33704
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-76482
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202207-1002
value: HIGH

Trust: 0.6

VULMON: CVE-2022-33704
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-33704
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-76482
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-33704
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-33704
baseSeverity: HIGH
baseScore: 8.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 5.3
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-76482 // VULMON: CVE-2022-33704 // CNNVD: CNNVD-202207-1002 // NVD: CVE-2022-33704 // NVD: CVE-2022-33704

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

sources: NVD: CVE-2022-33704

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1002

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202207-1002

PATCH

title: Patch for Samsung KnoxSDK Input Validation Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/356756

Trust: 0.6

title: SAMSUNG Mobile devices KnoxSDK Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200396

Trust: 0.6

sources: CNVD: CNVD-2022-76482 // CNNVD: CNNVD-202207-1002

EXTERNAL IDS

db: NVD, id: CVE-2022-33704

Trust: 2.3

db: CNVD, id: CNVD-2022-76482

Trust: 0.6

db: CNNVD, id: CNNVD-202207-1002

Trust: 0.6

db: VULMON, id: CVE-2022-33704

Trust: 0.1

sources: CNVD: CNVD-2022-76482 // VULMON: CVE-2022-33704 // CNNVD: CNNVD-202207-1002 // NVD: CVE-2022-33704

REFERENCES

url: https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2022-33704

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-33704/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-76482 // VULMON: CVE-2022-33704 // CNNVD: CNNVD-202207-1002 // NVD: CVE-2022-33704

SOURCES

db: CNVD, id: CNVD-2022-76482
db: VULMON, id: CVE-2022-33704
db: CNNVD, id: CNNVD-202207-1002
db: NVD, id: CVE-2022-33704

LAST UPDATE DATE

2024-08-14T15:06:16.340000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-76482, date: 2022-11-11T00:00:00
db: VULMON, id: CVE-2022-33704, date: 2022-07-16T00:00:00
db: CNNVD, id: CNNVD-202207-1002, date: 2022-07-19T00:00:00
db: NVD, id: CVE-2022-33704, date: 2022-07-16T03:05:24.030

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-76482, date: 2022-10-14T00:00:00
db: VULMON, id: CVE-2022-33704, date: 2022-07-12T00:00:00
db: CNNVD, id: CNNVD-202207-1002, date: 2022-07-12T00:00:00
db: NVD, id: CVE-2022-33704, date: 2022-07-12T14:15:18.103