CVE-2018-16271

Published Jan 22, 2020

Last updated 5 years ago

CVSS medium 6.5

Overview

Description: The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "823D208B-3316-42CD-BFAD-F680B2CE04CA",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ACF61B2-D169-4423-9A54-BA0C73BAAA95",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A58D5FF1-9573-4059-9C38-4C6B45812896"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94B31103-12C7-460E-B0F0-86D1B036D067",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C1E260EE-D0E5-4506-862E-367D72767A5B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42163099-D8E7-4509-A9B0-ABCA3260E963",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "15C8050C-4FFB-4CE9-AC2E-927C43D0A5ED"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C40433-B8BC-4829-B7C5-2EEA66C7827F",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A52BB0AA-9EFC-4CC8-AD81-777D63C8E26B",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062AEA64-280B-4A80-9E9F-A65225D7A7E9",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B4D21008-B7FC-4E40-8817-B96A045DB122"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F03DF2D-7C51-4633-918E-58B0A5601954",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1BA573D2-AF1C-4763-9244-95F5104177E2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "826565B1-E201-4EF4-B9FD-6D34962188F2",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A2D9849-D057-41ED-AA8A-D692135B4DC2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73864A48-39CC-4196-B18C-AB079D554709",
            "versionEndExcluding": "re2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "49E06C7B-5870-4D08-8D48-43EC469A579B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References