ID

VAR-202207-0929


CVE

CVE-2022-30754


TITLE

Samsung AppLinker Implicit Intent Hijacking Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-69735

DESCRIPTION

Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker. Samsung AppLinker is an application for Samsung mobile devices. There is an implicit intent hijacking vulnerability in Samsung AppLinker. This vulnerability stems from the fact that when implicit intent is used, the receiver of the intent message is not restricted

Trust: 1.53

sources: NVD: CVE-2022-30754 // CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-69735

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:12.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:10.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:11.0

Trust: 1.0

vendor:samsungmodel:mobile devices qscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices rscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices sscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-69735 // NVD: CVE-2022-30754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30754
value: HIGH

Trust: 1.0

mobile.security@samsung.com: CVE-2022-30754
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-69735
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-1048
value: HIGH

Trust: 0.6

VULMON: CVE-2022-30754
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-30754
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-69735
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-30754
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-30754
baseSeverity: HIGH
baseScore: 8.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 5.3
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754 // CNNVD: CNNVD-202207-1048 // NVD: CVE-2022-30754 // NVD: CVE-2022-30754

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2022-30754

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1048

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1048

PATCH

title:Patch for Samsung AppLinker Implicit Intent Hijacking Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/356356

Trust: 0.6

title:SAMSUNG Mobile devices Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200421

Trust: 0.6

sources: CNVD: CNVD-2022-69735 // CNNVD: CNNVD-202207-1048

EXTERNAL IDS

db:NVDid:CVE-2022-30754

Trust: 2.3

db:CNVDid:CNVD-2022-69735

Trust: 0.6

db:CNNVDid:CNNVD-202207-1048

Trust: 0.6

db:VULMONid:CVE-2022-30754

Trust: 0.1

sources: CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754 // CNNVD: CNNVD-202207-1048 // NVD: CVE-2022-30754

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-30754

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-30754/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754 // CNNVD: CNNVD-202207-1048 // NVD: CVE-2022-30754

SOURCES

db:CNVDid:CNVD-2022-69735
db:VULMONid:CVE-2022-30754
db:CNNVDid:CNNVD-202207-1048
db:NVDid:CVE-2022-30754

LAST UPDATE DATE

2024-08-14T15:32:39.895000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-69735date:2022-10-19T00:00:00
db:VULMONid:CVE-2022-30754date:2022-07-16T00:00:00
db:CNNVDid:CNNVD-202207-1048date:2022-07-18T00:00:00
db:NVDid:CVE-2022-30754date:2022-07-16T03:53:05.927

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-69735date:2022-10-19T00:00:00
db:VULMONid:CVE-2022-30754date:2022-07-12T00:00:00
db:CNNVDid:CNNVD-202207-1048date:2022-07-12T00:00:00
db:NVDid:CVE-2022-30754date:2022-07-12T14:15:16.133