Products
SmartThings
- before 1.8.17
smartthings
- *
Source
mobile.security@samsung.com
Tags
CVE-2024-34596 details
Published : July 2, 2024, 10:15 a.m.
Last Modified : July 2, 2024, 6:04 p.m.
Last Modified : July 2, 2024, 6:04 p.m.
Description
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.5 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-287 | Improper Authentication | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Exploitability Score
3.9
Impact Score
3.6
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
| URL | Source |
|---|---|
| https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=07 | mobile.security@samsung.com |
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | samsung | smartthings | / | / | / | / | / | / | / | / |
This website uses the NVD API, but is not approved or certified by it.