Remote Authentication Bypass in Samsung Kies Air
CVE-2012-5858

Currently unrated

Key Information:

Vendor: Samsung
Status: Kies Air
Vendor: CVE Published:; 3 December 2012

Summary

The Samsung Kies Air application versions 2.1.207051 and 2.1.210161 are susceptible to an authentication bypass vulnerability. This occurs because the application relies solely on the IP address for authentication. Malicious actors can exploit this weakness by spoofing or gaining control over the IP address, enabling them to perform remote man-in-the-middle attacks that allow unauthorized access to sensitive phone contents.

References

http://packetstormsecurity.org/files/118154/Kies-Air-Deni...

x_refsource_MISC

http://archives.neohapsis.com/archives/bugtraq/2012-11/00...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/56560

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 3, 2012
Vulnerability Reserved
Nov 12, 2012