CVE-2024-49421

Published Dec 3, 2024

Last updated 5 months ago

CVSS medium 4.3

Overview

Description
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.
Source
mobile.security@samsung.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. [ZDI-25-229|CVE-2024-49421] (Pwn2Own) Samsung Galaxy S24 Quick Share Directory Traversal Arbitrary File Write Vulnerability (CVSS 5.9; Credit: Ken Gannon of NCC Group (@yogehi)) https://t.co/ElY5jHyxRX

    @TheZDIBugs

    14 Apr 2025

    3073 Impressions

    7 Retweets

    37 Likes

    21 Bookmarks

    0 Replies

    0 Quotes

References