{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42552", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "Samsung Mobile", "dateReserved": "2023-09-11T23:55:08.351Z", "datePublished": "2023-11-07T07:49:51.107Z", "dateUpdated": "2024-09-12T19:14:13.915Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Firewall", "versions": [{"status": "unaffected", "version": "12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile", "dateUpdated": "2023-11-07T07:49:51.107Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:39.614Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T16:24:37.193193Z", "id": "CVE-2023-42552", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:14:13.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:39.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42552", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T16:24:37.193193Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:14:08.776Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Samsung Mobile", "product": "Firewall", "versions": [{"status": "unaffected", "version": "12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "descriptions": [{"lang": "en", "value": "Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile", "dateUpdated": "2023-11-07T07:49:51.107Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42552", "state": "PUBLISHED", "dateUpdated": "2024-09-12T19:14:13.915Z", "dateReserved": "2023-09-11T23:55:08.351Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2023-11-07T07:49:51.107Z", "assignerShortName": "Samsung Mobile"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "A269A511-FB05-4B17-8D3F-F35C6D105EE9", "versionEndExcluding": "12.1.00.24", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*", "matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0FC394F-DDA2-4AA9-AB5C-30BE4064DF1B", "versionEndExcluding": "13.1.00.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "D74F1D07-7AC5-4F25-A485-E13C3D28F0E2", "versionEndExcluding": "14.1.00.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall."}, {"lang": "es", "value": "Vulnerabilidad de secuestro de intenci\u00f3n impl\u00edcita en la aplicaci\u00f3n Firewall anterior a las versiones 12.1.00.24 en Android 11, 13.1.00.16 en Android 12 y 14.1.00.7 en Android 13 permite que una aplicaci\u00f3n de terceros altere la base de datos del Firewall."}], "id": "CVE-2023-42552", "lastModified": "2024-11-21T08:22:46.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "mobile.security@samsung.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-07T08:15:23.113", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}