CVE-2016-4030 - OpenCVE

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Galaxy Note 3 Galaxy S4 Mini Firmware Galaxy S6 Firmware Galaxy S6 Galaxy S4 Mini Galaxy Note 3 Firmware Galaxy S4 Mini Lte Firmware Galaxy S4 Mini Lte Galaxy S4 Galaxy S4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97701	Third Party Advisory VDB Entry
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004	Exploit Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-13T16:00:00

Updated: 2017-04-18T09:57:01

Reserved: 2016-04-15T00:00:00

Link: CVE-2016-4030

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-13T16:59:01.177

Modified: 2017-04-25T15:46:12.293

Link: CVE-2016-4030

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-18T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"}, {"name": "97701", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97701"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4030", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004", "refsource": "MISC", "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"}, {"name": "97701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97701"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4030", "datePublished": "2017-04-13T16:00:00", "dateReserved": "2016-04-15T00:00:00", "dateUpdated": "2017-04-18T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*", "matchCriteriaId": "03F1AFDE-A42D-4B25-8081-1BBA0319A138", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*", "matchCriteriaId": "7B1A9C49-9E9E-4BD8-9AF2-3C1C281F82C5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "B148CE20-A498-4F1E-9C2D-C38F9F15292D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*", "matchCriteriaId": "D4957EA2-52E5-430F-8C88-342F42210296", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*", "matchCriteriaId": "721FDF15-999F-42C1-90C2-4708C6DB98B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*", "matchCriteriaId": "086D5334-9867-479D-8EE6-974794850C6C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "23C6FF67-C53E-4AAF-A3EF-2FCC448F0E6E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*", "matchCriteriaId": "5E2BC548-BCA0-4DAF-BA14-B8B135159E0F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*", "matchCriteriaId": "717D895C-E64D-4E0E-9F4A-9B191E6388B6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301."}, {"lang": "es", "value": "Samsung en dispositivos SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), y GT-I9505 build I9505XXUHOJ2 (Galaxy S4) tienen disponibilidad no deseada del m\u00f3dem en el n\u00famero de configuraci\u00f3n USB 2 dentro del estado de ca\u00edda seguro, lo que permite a un atacante realizar llamadas telef\u00f3nicas, enviar mensajes de texto o emitir comandos, tambi\u00e9n conocido como SVE-2016-5301."}], "id": "CVE-2016-4030", "lastModified": "2017-04-25T15:46:12.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-13T16:59:01.177", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97701"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}