CVE-2017-10963

5.9MEDIUM

Key Information:

Vendor: Samsung
Status: Knox Enterprise Mobility Management; Knox Identity Access Management
Vendor: CVE Published:; 20 February 2018

Summary

In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world.

References

https://gist.github.com/e96e02/12ce905e3b724954273dd7d543...

x_refsource_MISC

https://www.lgsinnovations.com/lgs-innovations-discovers-...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2018
Vulnerability Reserved
Jul 5, 2017