CVE-2019-6742
Published Jun 3, 2019
Last updated 3 years ago
Overview
- Description
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- zdi-disclosures@trendmicro.com
- CWE-358
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s9:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3CE4730C-0430-429C-9723-76219B46F092"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s9_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D53B440-78AE-460B-AC1B-A270CA6EC6CD",
"versionEndExcluding": "1.4.20.2"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]