Privilege Escalation in Samsung Members Application
CVE-2018-11614

8.8HIGH

Key Information:

Vendor: Samsung
Status: Samsung Members
Vendor: CVE Published:; 24 September 2018

Summary

A remote privilege escalation vulnerability exists in the Samsung Members application, enabling attackers to escalate privileges on vulnerable installations. This flaw arises from improper handling of Intents, allowing an attacker who can execute low-privileged code to send an Intent that would otherwise be inaccessible. By exploiting this vulnerability, an attacker can gain access to resources that would typically be protected, exposing sensitive information and potentially compromising system integrity.

Affected Version(s)

Samsung Members Fixed in version 2.4.25

References

https://zerodayinitiative.com/advisories/ZDI-18-562

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 24, 2018
Vulnerability Reserved
May 31, 2018