Sign-up

ID

VAR-202407-0473


CVE

CVE-2024-34596


TITLE

Samsung's  SmartThings  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-003868

DESCRIPTION

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. Samsung's SmartThings There is an authentication vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-34596 // JVNDB: JVNDB-2024-003868

AFFECTED PRODUCTS

vendor:samsungmodel:smartthingsscope:ltversion:1.8.17

Trust: 1.0

vendor:サムスンmodel:smartthingsscope:eqversion:1.8.17

Trust: 0.8

vendor:サムスンmodel:smartthingsscope: - version: -

Trust: 0.8

vendor:サムスンmodel:smartthingsscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-003868 // NVD: CVE-2024-34596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-34596
value: HIGH

Trust: 1.0

mobile.security@samsung.com: CVE-2024-34596
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-34596
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-34596
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2024-34596
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-34596
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-003868 // NVD: CVE-2024-34596 // NVD: CVE-2024-34596

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-003868 // NVD: CVE-2024-34596

EXTERNAL IDS

db:NVDid:CVE-2024-34596

Trust: 2.6

db:JVNDBid:JVNDB-2024-003868

Trust: 0.8

sources: JVNDB: JVNDB-2024-003868 // NVD: CVE-2024-34596

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2024&month=07

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-34596

Trust: 0.8

sources: JVNDB: JVNDB-2024-003868 // NVD: CVE-2024-34596

SOURCES

db:JVNDBid:JVNDB-2024-003868
db:NVDid:CVE-2024-34596

LAST UPDATE DATE

2024-08-14T14:42:34.318000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-003868date:2024-07-03T01:52:00
db:NVDid:CVE-2024-34596date:2024-07-02T18:04:25.130

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-003868date:2024-07-03T00:00:00
db:NVDid:CVE-2024-34596date:2024-07-02T10:15:08.320