Improper D-Bus Security Configuration in Tizen by Samsung
CVE-2018-16267
8.1HIGH
Summary
The system-popup service in Tizen enables unprivileged processes to execute certain system commands, such as triggering the poweroff menu and displaying popups with customized text, due to incorrect D-Bus security policy configurations. This vulnerability impacts Tizen versions prior to 5.0 M1 and Tizen-based devices including several models in the Samsung Galaxy Gear series, rendering them susceptible to unauthorized system actions.
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved