CVE-2019-11341

Sažetak

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.

Reference

https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html
https://security.samsungmobile.com/securityUpdate.smsb
https://twitter.com/fs0c131y/status/1115889065285562368

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

05-11-2019 - 15:02

Objavljeno

09-10-2019 - 16:15