CVE-2022-39893

Published Nov 9, 2022

Last updated 2 years ago

Overview

Description: Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.
Source: mobile.security@samsung.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 3.3
Impact score: 1.4
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

nvd@nist.gov: CWE-532
mobile.security@samsung.com: CWE-532

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:samsung:galaxy_buds_pro_manage:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F42386F-B2F1-4129-8853-6C832C4CF12B",
            "versionEndExcluding": "4.1.22092751"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References