Details of VAR-202207-0887

ID

VAR-202207-0887

CVE

CVE-2022-33697

TITLE

Samsung ImsCore Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-70735

DESCRIPTION

Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. Samsung ImsCore is a configuration of Samsung mobile devices. An information disclosure vulnerability exists in Samsung ImsCore, which stems from the failure to protect sensitive information in ImsServiceSwitchBase. Attackers can exploit this vulnerability to obtain IMSI through device logs

Trust: 1.53

sources: NVD: CVE-2022-33697 // CNVD: CNVD-2022-70735 // VULMON: CVE-2022-33697

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-70735

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-70735 // NVD: CVE-2022-33697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33697
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33697
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-70735
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-1018
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-33697
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-33697
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-70735
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-33697
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2022-70735 // VULMON: CVE-2022-33697 // CNNVD: CNNVD-202207-1018 // NVD: CVE-2022-33697 // NVD: CVE-2022-33697

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.0

sources: NVD: CVE-2022-33697

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1018

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202207-1018

PATCH

title:	Patch for Samsung ImsCore Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356441	Trust: 0.6
title:	SAMSUNG Mobile devices ImsCore Repair measures for log information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200403	Trust: 0.6

sources: CNVD: CNVD-2022-70735 // CNNVD: CNNVD-202207-1018

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33697	Trust: 2.3
db:	CNVD	id:	CNVD-2022-70735	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1018	Trust: 0.6
db:	VULMON	id:	CVE-2022-33697	Trust: 0.1

sources: CNVD: CNVD-2022-70735 // VULMON: CVE-2022-33697 // CNNVD: CNNVD-202207-1018 // NVD: CVE-2022-33697

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33697	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-33697/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/532.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-70735 // VULMON: CVE-2022-33697 // CNNVD: CNNVD-202207-1018 // NVD: CVE-2022-33697

SOURCES

db:	CNVD	id:	CNVD-2022-70735
db:	VULMON	id:	CVE-2022-33697
db:	CNNVD	id:	CNNVD-202207-1018
db:	NVD	id:	CVE-2022-33697

LAST UPDATE DATE

2024-08-14T15:32:39.944000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-70735	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2022-33697	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1018	date:	2022-07-19T00:00:00
db:	NVD	id:	CVE-2022-33697	date:	2022-07-16T03:15:18.303

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-70735	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2022-33697	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1018	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-33697	date:	2022-07-12T14:15:17.707