CVE-2021-25433 - OpenCVE

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Tizen

Configuration 1 [-]

cpe:2.3:o:linux:tizen:*:*:*:*:*:*:*:*

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2021-07-08T13:45:49

Updated: 2021-07-08T13:45:49

Reserved: 2021-01-19T00:00:00

Link: CVE-2021-25433

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-07-08T14:15:08.587

Modified: 2022-07-25T11:10:46.530

Link: CVE-2021-25433

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Tizen wearable devices", "vendor": "Samsung Mobile", "versions": [{"lessThan": "Firmware update JUL-2021 Release", "status": "affected", "version": "Tizen 5.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal."}], "metrics": [{"other": {"content": {"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-08T13:45:49", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25433", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tizen wearable devices", "version": {"version_data": [{"version_affected": "<", "version_name": "Tizen 5.5", "version_value": "Firmware update JUL-2021 Release"}]}}]}, "vendor_name": "Samsung Mobile"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal."}]}, "impact": {"cvss": {"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285: Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7", "refsource": "MISC", "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2021-25433", "datePublished": "2021-07-08T13:45:49", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2021-07-08T13:45:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:tizen:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8A186D7-A9F7-4D4B-9D4F-F3C239695EE9", "versionEndExcluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal."}, {"lang": "es", "value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en la pol\u00edtica de restablecimiento de f\u00e1brica de Tizen anterior a la actualizaci\u00f3n del firmware JUL-2021 Release,, permite que aplicaciones no confiables lleven a cabo el restablecimiento de f\u00e1brica usando la se\u00f1al dbus"}], "id": "CVE-2021-25433", "lastModified": "2022-07-25T11:10:46.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-08T14:15:08.587", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "mobile.security@samsung.com", "type": "Secondary"}]}