Multiple vulnerabilities in Samsung Account
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2023-42550 CVE-2023-42546 CVE-2023-42547 CVE-2023-42548 CVE-2023-42549 CVE-2023-42551 |
| CWE-ID | CWE-927 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Account Mobile applications / Apps for mobile phones |
| Vendor | Samsung |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Use of Implicit Intent for Sensitive Communication
EUVDB-ID: #VU82844
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-42550
CWE-ID:
CWE-927 - Use of Implicit Intent for Sensitive Communication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of implicit intent for sensitive communication. A remote attacker can access arbitrary file with Samsung Account privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAccount: before 14.5.00.7
CPE2.3 External linkshttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of Implicit Intent for Sensitive Communication
EUVDB-ID: #VU82879
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-42546
CWE-ID:
CWE-927 - Use of Implicit Intent for Sensitive Communication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of implicit intent for sensitive communication. A remote attacker can access arbitrary file with Samsung Account privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAccount: before 14.5.00.7
CPE2.3 External linkshttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of Implicit Intent for Sensitive Communication
EUVDB-ID: #VU82874
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-42547
CWE-ID:
CWE-927 - Use of Implicit Intent for Sensitive Communication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of implicit intent for sensitive communication. A remote attacker can access arbitrary file with Samsung Account privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAccount: before 14.5.00.7
CPE2.3 External linkshttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use of Implicit Intent for Sensitive Communication
EUVDB-ID: #VU82872
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-42548
CWE-ID:
CWE-927 - Use of Implicit Intent for Sensitive Communication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of implicit intent for sensitive communication. A remote attacker can access arbitrary file with Samsung Account privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAccount: before 14.5.00.7
CPE2.3 External linkshttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of Implicit Intent for Sensitive Communication
EUVDB-ID: #VU82871
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-42549
CWE-ID:
CWE-927 - Use of Implicit Intent for Sensitive Communication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of implicit intent for sensitive communication. A remote attacker can access arbitrary file with Samsung Account privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAccount: before 14.5.00.7
CPE2.3 External linkshttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use of Implicit Intent for Sensitive Communication
EUVDB-ID: #VU82843
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-42551
CWE-ID:
CWE-927 - Use of Implicit Intent for Sensitive Communication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of implicit intent for sensitive communication. A remote attacker can access arbitrary file with Samsung Account privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAccount: before 14.5.00.7
CPE2.3 External linkshttps://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
