Details of VAR-202207-0817

ID

VAR-202207-0817

CVE

CVE-2022-33693

TITLE

SAMSUNG Mobile devices CID Manager Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-58407

DESCRIPTION

Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG) company, including mobile phones, tablets, etc. An information disclosure vulnerability exists in the SAMSUNG Mobile devices CID Manager that arises from exposing sensitive information during messaging in the CID Manager. An attacker can exploit this vulnerability to access iccid through logs

Trust: 1.53

sources: NVD: CVE-2022-33693 // CNVD: CNVD-2022-58407 // VULMON: CVE-2022-33693

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-58407

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-58407 // NVD: CVE-2022-33693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33693
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33693
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-58407
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-1026
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-33693
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-33693
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-58407
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-33693
baseSeverity:	LOW
baseScore:	2.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33693
baseSeverity:	LOW
baseScore:	2.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.6
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-58407 // VULMON: CVE-2022-33693 // CNNVD: CNNVD-202207-1026 // NVD: CVE-2022-33693 // NVD: CVE-2022-33693

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-532	Trust: 1.0

sources: NVD: CVE-2022-33693

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1026

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202207-1026

PATCH

title:	Patch for SAMSUNG Mobile devices CID Manager Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/343766	Trust: 0.6
title:	SAMSUNG Mobile devices CID Manager Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200408	Trust: 0.6

sources: CNVD: CNVD-2022-58407 // CNNVD: CNNVD-202207-1026

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33693	Trust: 2.3
db:	CNVD	id:	CNVD-2022-58407	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1026	Trust: 0.6
db:	VULMON	id:	CVE-2022-33693	Trust: 0.1

sources: CNVD: CNVD-2022-58407 // VULMON: CVE-2022-33693 // CNNVD: CNNVD-202207-1026 // NVD: CVE-2022-33693

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33693	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-33693/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/532.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-58407 // VULMON: CVE-2022-33693 // CNNVD: CNNVD-202207-1026 // NVD: CVE-2022-33693

SOURCES

db:	CNVD	id:	CNVD-2022-58407
db:	VULMON	id:	CVE-2022-33693
db:	CNNVD	id:	CNNVD-202207-1026
db:	NVD	id:	CVE-2022-33693

LAST UPDATE DATE

2024-08-14T14:49:42.261000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-58407	date:	2022-08-19T00:00:00
db:	VULMON	id:	CVE-2022-33693	date:	2022-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202207-1026	date:	2022-07-19T00:00:00
db:	NVD	id:	CVE-2022-33693	date:	2022-07-15T17:55:55.250

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-58407	date:	2022-08-10T00:00:00
db:	VULMON	id:	CVE-2022-33693	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1026	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-33693	date:	2022-07-12T14:15:17.487