CVE-2022-36873 - OpenCVE

Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Galaxy Watch Plugin

Configuration 1 [-]

cpe:2.3:a:samsung:galaxy_watch_plugin:*:*:*:*:*:android:*:*

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2022-09-09T14:40:01

Updated: 2022-09-16T16:42:35

Reserved: 2022-07-27T00:00:00

Link: CVE-2022-36873

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-09T15:15:12.947

Modified: 2022-09-21T20:26:32.503

Link: CVE-2022-36873

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "com.samsung.android.waterplugin", "vendor": "Samsung Mobile", "versions": [{"lessThan": "2.2.11.22081151", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T16:42:35", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-36873", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "com.samsung.android.waterplugin", "version": {"version_data": [{"version_affected": "<", "version_name": "", "version_value": "2.2.11.22081151"}]}}]}, "vendor_name": "Samsung Mobile"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09", "refsource": "MISC", "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2022-36873", "datePublished": "2022-09-09T14:40:01", "dateReserved": "2022-07-27T00:00:00", "dateUpdated": "2022-09-16T16:42:35", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:galaxy_watch_plugin:*:*:*:*:*:android:*:*", "matchCriteriaId": "2C5E4800-5C07-48C8-957C-147854B62D83", "versionEndExcluding": "2.2.11.22081151", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device."}, {"lang": "es", "value": "Una restricci\u00f3n inapropiada de la difusi\u00f3n de la intenci\u00f3n en GalaxyStoreBridgePageLinker de Waterplugin versiones anteriores a 2.2.11.22081151, filtra la direcci\u00f3n MAC del dispositivo Bluetooth conectado"}], "id": "CVE-2022-36873", "lastModified": "2022-09-21T20:26:32.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2022-09-09T15:15:12.947", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "mobile.security@samsung.com", "type": "Secondary"}]}