CVE-2021-25373

CVSS 5.5 MEDIUMEPSS 0.2%CWE-285

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

Samsung Mobile · Customization Service

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://security.samsungmobile.com/https://security.samsungmobile.com/serviceWeb.smsb