CVE-2023-37377 - OpenCVE

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Exynos W920 Firmware Exynos 980 Firmware Exynos 850 Exynos W920 Exynos 980 Exynos 850 Firmware Exynos 2100 Firmware Exynos 2100

Configuration 1 [-]

AND

cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-08T00:00:00

Updated: 2023-09-08T02:05:22.871798

Reserved: 2023-07-03T00:00:00

Link: CVE-2023-37377

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-08T03:15:08.643

Modified: 2023-09-13T02:34:55.590

Link: CVE-2023-37377

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el Procesador M\u00f3vil Samsung Exynos y el Procesador Port\u00e1til (Exynos 980, Exynos 850, Exynos 2100 y Exynos W920). El manejo incorrecto de la incoherencia de los par\u00e1metros de longitud puede provocar un filtrado incorrecto de paquetes."}], "id": "CVE-2023-37377", "lastModified": "2023-09-13T02:34:55.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2023-09-08T03:15:08.643", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}