Details of VAR-202207-0929

ID

VAR-202207-0929

CVE

CVE-2022-30754

TITLE

Samsung AppLinker Implicit Intent Hijacking Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-69735

DESCRIPTION

Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker. Samsung AppLinker is an application for Samsung mobile devices. There is an implicit intent hijacking vulnerability in Samsung AppLinker. This vulnerability stems from the fact that when implicit intent is used, the receiver of the intent message is not restricted

Trust: 1.53

sources: NVD: CVE-2022-30754 // CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-69735

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-69735 // NVD: CVE-2022-30754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30754
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30754
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-69735
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202207-1048
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-30754
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-30754
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-69735
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-30754
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-30754
baseSeverity:	HIGH
baseScore:	8.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	5.3
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754 // CNNVD: CNNVD-202207-1048 // NVD: CVE-2022-30754 // NVD: CVE-2022-30754

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2022-30754

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1048

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1048

PATCH

title:	Patch for Samsung AppLinker Implicit Intent Hijacking Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356356	Trust: 0.6
title:	SAMSUNG Mobile devices Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200421	Trust: 0.6

sources: CNVD: CNVD-2022-69735 // CNNVD: CNNVD-202207-1048

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30754	Trust: 2.3
db:	CNVD	id:	CNVD-2022-69735	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-1048	Trust: 0.6
db:	VULMON	id:	CVE-2022-30754	Trust: 0.1

sources: CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754 // CNNVD: CNNVD-202207-1048 // NVD: CVE-2022-30754

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=7	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30754	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30754/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-69735 // VULMON: CVE-2022-30754 // CNNVD: CNNVD-202207-1048 // NVD: CVE-2022-30754

SOURCES

db:	CNVD	id:	CNVD-2022-69735
db:	VULMON	id:	CVE-2022-30754
db:	CNNVD	id:	CNNVD-202207-1048
db:	NVD	id:	CVE-2022-30754

LAST UPDATE DATE

2024-08-14T15:32:39.895000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-69735	date:	2022-10-19T00:00:00
db:	VULMON	id:	CVE-2022-30754	date:	2022-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202207-1048	date:	2022-07-18T00:00:00
db:	NVD	id:	CVE-2022-30754	date:	2022-07-16T03:53:05.927

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-69735	date:	2022-10-19T00:00:00
db:	VULMON	id:	CVE-2022-30754	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-1048	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-30754	date:	2022-07-12T14:15:16.133