{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-42545", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "Samsung Mobile", "dateReserved": "2023-09-11T23:55:08.350Z", "datePublished": "2023-11-07T07:49:43.966Z", "dateUpdated": "2023-11-07T07:49:43.966Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Phone", "versions": [{"status": "unaffected", "version": "12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile", "dateUpdated": "2023-11-07T07:49:43.966Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FE3D414-AB15-464A-B774-07A7437AF039", "versionEndExcluding": "12.7.20.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*", "matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7D1B532-E73A-4C63-95D5-8D40C2A197FB", "versionEndExcluding": "13.1.48", "vulnerable": true}, {"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4B9617A-1B75-45C9-B87D-0F3A451884D3", "versionEndExcluding": "13.5.28", "versionStartIncluding": "13.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:phone:*:*:*:*:*:*:*:*", "matchCriteriaId": "8623488D-66A9-4EA0-A086-09458C338422", "versionEndExcluding": "14.7.38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data."}, {"lang": "es", "value": "El uso de intenci\u00f3n impl\u00edcita para una vulnerabilidad de comunicaci\u00f3n confidencial en Phone antes de las versiones 12.7.20.12 en Android 11, 13.1.48, 13.5.28 en Android 12 y 14.7.38 en Android 13 permite a los atacantes acceder a datos de ubicaci\u00f3n."}], "id": "CVE-2023-42545", "lastModified": "2023-11-15T13:20:25.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2023-11-07T08:15:21.027", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}