Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
No CVSS v3.0
No CVSS v2
Vendors | Products |
---|---|
Samsung |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Samsung Mobile
Published: 2023-11-07T07:49:30.416Z
Updated: 2023-11-07T07:49:30.416Z
Reserved: 2023-09-11T23:55:08.347Z
Link: CVE-2023-42532
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-07T08:15:15.920
Modified: 2023-11-13T18:09:33.167
Link: CVE-2023-42532
JSON object: View
Redhat Information
No data.
CWE