Details of VAR-202212-0867

ID

VAR-202212-0867

CVE

CVE-2022-39901

TITLE

Samsung's exynos Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-023066

DESCRIPTION

Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. Samsung's exynos An authentication vulnerability exists in firmware.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-39901 // JVNDB: JVNDB-2022-023066 // VULMON: CVE-2022-39901

AFFECTED PRODUCTS

vendor:	samsung	model:	exynos	scope:	eq	version:	-	Trust: 1.0
vendor:	サムスン	model:	exynos	scope:	eq	version:	exynos firmware	Trust: 0.8
vendor:	サムスン	model:	exynos	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	exynos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023066 // NVD: CVE-2022-39901

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39901
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39901
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-39901
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202212-2723
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-39901
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-39901
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023066 // CNNVD: CNNVD-202212-2723 // NVD: CVE-2022-39901 // NVD: CVE-2022-39901

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023066 // NVD: CVE-2022-39901

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2723

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202212-2723

PATCH

title:

SAMSUNG Mobile devices Remediation measures for authorization problem vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=217158

Trust: 0.6

sources: CNNVD: CNNVD-202212-2723

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39901	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-023066	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-2723	Trust: 0.6
db:	VULMON	id:	CVE-2022-39901	Trust: 0.1

sources: VULMON: CVE-2022-39901 // JVNDB: JVNDB-2022-023066 // CNNVD: CNNVD-202212-2723 // NVD: CVE-2022-39901

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=12	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39901	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39901/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-39901 // JVNDB: JVNDB-2022-023066 // CNNVD: CNNVD-202212-2723 // NVD: CVE-2022-39901

SOURCES

db:	VULMON	id:	CVE-2022-39901
db:	JVNDB	id:	JVNDB-2022-023066
db:	CNNVD	id:	CNNVD-202212-2723
db:	NVD	id:	CVE-2022-39901

LAST UPDATE DATE

2024-08-14T14:02:12.123000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-39901	date:	2022-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-023066	date:	2023-11-27T02:08:00
db:	CNNVD	id:	CNNVD-202212-2723	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-39901	date:	2022-12-12T18:23:49.237

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-39901	date:	2022-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-023066	date:	2023-11-27T00:00:00
db:	CNNVD	id:	CNNVD-202212-2723	date:	2022-12-08T00:00:00
db:	NVD	id:	CVE-2022-39901	date:	2022-12-08T16:15:12.277