Details of VAR-202207-0903

ID

VAR-202207-0903

CVE

CVE-2022-33692

TITLE

Samsung Message App Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-76483

DESCRIPTION

Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Samsung Message App is a messaging feature for Samsung (SAMSUNG) mobile devices. An information disclosure vulnerability exists in the Samsung Message App that stems from exposing sensitive information while the app is messaging. Attackers can exploit this vulnerability to access IMSI and ICCID through logs

Trust: 1.53

sources: NVD: CVE-2022-33692 // CNVD: CNVD-2022-76483 // VULMON: CVE-2022-33692

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-76483

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-76483 // NVD: CVE-2022-33692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33692
value:	LOW
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33692
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2022-76483
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202207-1027
value:	LOW
Trust: 0.6
VULMON:	CVE-2022-33692
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-33692
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-76483
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-33692
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-33692
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-76483 // VULMON: CVE-2022-33692 // CNNVD: CNNVD-202207-1027 // NVD: CVE-2022-33692 // NVD: CVE-2022-33692

PROBLEMTYPE DATA

problemtype:	CWE-213	Trust: 1.0
problemtype:	CWE-668	Trust: 1.0

sources: NVD: CVE-2022-33692

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1027

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1027

PATCH

title:	Patch for Samsung Message App Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356766	Trust: 0.6
title:	SAMSUNG Mobile devices Messaging Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200409	Trust: 0.6

sources: CNVD: CNVD-2022-76483 // CNNVD: CNNVD-202207-1027

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33692	Trust: 2.3
db:	CNVD	id:	CNVD-2022-76483	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1027	Trust: 0.6
db:	VULMON	id:	CVE-2022-33692	Trust: 0.1

sources: CNVD: CNVD-2022-76483 // VULMON: CVE-2022-33692 // CNNVD: CNNVD-202207-1027 // NVD: CVE-2022-33692

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33692	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-33692/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-76483 // VULMON: CVE-2022-33692 // CNNVD: CNNVD-202207-1027 // NVD: CVE-2022-33692

SOURCES

db:	CNVD	id:	CNVD-2022-76483
db:	VULMON	id:	CVE-2022-33692
db:	CNNVD	id:	CNNVD-202207-1027
db:	NVD	id:	CVE-2022-33692

LAST UPDATE DATE

2024-08-14T14:24:40.562000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-76483	date:	2022-11-11T00:00:00
db:	VULMON	id:	CVE-2022-33692	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1027	date:	2022-07-18T00:00:00
db:	NVD	id:	CVE-2022-33692	date:	2022-07-16T03:45:40.823

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-76483	date:	2022-10-14T00:00:00
db:	VULMON	id:	CVE-2022-33692	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1027	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-33692	date:	2022-07-12T14:15:17.430