CVE-2018-16267

Published Jan 22, 2020

Last updated a year ago

CVSS high 8.1

Overview

Description: The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.8
Impact score: 4.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A"
          },
          {
            "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References