CVE-2021-25502 - Vulnerability Details

Vendors	Products
Google	Android

Link	Providers
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [{"lessThan": "SMR Nov-2021 Release 1", "status": "affected", "version": "O(8.1), P(9.0), Q(10.0), R(11.0)", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-05T02:03:32", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25502", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Samsung Mobile Devices", "version": {"version_data": [{"version_affected": "<", "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)", "version_value": "SMR Nov-2021 Release 1"}]}}]}, "vendor_name": "Samsung Mobile"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269: Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11", "refsource": "MISC", "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:03:05.658Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"}]}]}, "cveMetadata": {"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2021-25502", "datePublished": "2021-11-05T02:03:32", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2024-08-03T20:03:05.658Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Samsung Mobile Devices (string)

vendor : Samsung Mobile (string)

versions : [ »

0 : { »

lessThan : SMR Nov-2021 Release 1 (string)

status : affected (string)

version : O(8.1), P(9.0), Q(10.0), R(11.0) (string)

versionType : custom (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 7.9 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-269 (string)

description : CWE-269: Improper Privilege Management (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-11-05T02:03:32 (string)

orgId : 3af57064-a867-422c-b2ad-40307b65c458 (string)

shortName : Samsung Mobile (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : mobile.security@samsung.com (string)

ID : CVE-2021-25502 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Samsung Mobile Devices (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : O(8.1), P(9.0), Q(10.0), R(11.0) (string)

version_value : SMR Nov-2021 Release 1 (string)

}

]

}

]

}

vendor_name : Samsung Mobile (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 7.9 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-269: Improper Privilege Management (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 (string)

refsource : MISC (string)

url : https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 (string)

}

]

}

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T20:03:05.658Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 3af57064-a867-422c-b2ad-40307b65c458 (string)

assignerShortName : Samsung Mobile (string)

cveId : CVE-2021-25502 (string)

datePublished : 2021-11-05T02:03:32 (string)

dateReserved : 2021-01-19T00:00:00 (string)

dateUpdated : 2024-08-03T20:03:05.658Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge."}, {"lang": "es", "value": "Una vulnerabilidad de almacenamiento de informaci\u00f3n confidencial de forma no segura en Property Settings anterior a SMR Nov-2021 Release 1 permite a atacantes leer el valor de ESN sin privilegio"}], "id": "CVE-2021-25502", "lastModified": "2024-11-21T05:55:07.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.3, "source": "mobile.security@samsung.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-05T03:15:10.413", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "mobile.security@samsung.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8DFAAD08-36DA-4C95-8200-C29FE5B6B854 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D558D965-FA70-4822-A770-419E73BA9ED3 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 109DD7FD-3A48-4C3D-8E1A-4433B98E1E64 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de almacenamiento de información confidencial de forma no segura en Property Settings anterior a SMR Nov-2021 Release 1 permite a atacantes leer el valor de ESN sin privilegio (string)

}

]

id : CVE-2021-25502 (string)

lastModified : 2024-11-21T05:55:07.477 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 7.9 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2 (number)

impactScore : 5.3 (number)

source : mobile.security@samsung.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-11-05T03:15:10.413 (string)

references : [ »

0 : { »

source : mobile.security@samsung.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 (string)

}

]

sourceIdentifier : mobile.security@samsung.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-269 (string)

}

]

source : mobile.security@samsung.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-312 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object