Back

CVE-2024-20870

May 7, 2024, 1:39 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Galaxy Store

  • before 4.5.71.8

Source

mobile.security@samsung.com

Tags

2024-05-07
mobile.security@samsung.com
CVE-2024-20870

CVE-2024-20870 details

Published : May 7, 2024, 5:15 a.m.
Last Modified : May 7, 2024, 1:39 p.m.

Description

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

CVSS Score

1 2 3 4 5.1 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

Base Score

5.1

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

References

URL Source
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=05 mobile.security@samsung.com
This website uses the NVD API, but is not approved or certified by it.