{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-42571", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "SamsungMobile", "dateReserved": "2023-09-11T23:55:08.356Z", "datePublished": "2023-12-05T02:44:28.948Z", "dateUpdated": "2023-12-05T02:44:28.948Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-287: Improper Authentication"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Find My Mobile", "versions": [{"status": "unaffected", "version": "7.3.13.4"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2023-12-05T02:44:28.948Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:find_my_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "4185038B-DDD2-47F6-9C44-9CC2EF57615A", "versionEndExcluding": "7.3.13.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device."}, {"lang": "es", "value": "El abuso del desbloqueo remoto en Find My Mobile anterior a la versi\u00f3n 7.3.13.4 permite a un atacante f\u00edsico desbloquear el dispositivo de forma remota restableciendo la contrase\u00f1a de la cuenta Samsung con verificaci\u00f3n por SMS cuando el usuario pierde el dispositivo."}], "id": "CVE-2023-42571", "lastModified": "2023-12-11T14:50:26.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2023-12-05T03:15:17.573", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}