Uncontrolled Search Path Element Vulnerability in Samsung Android USB Driver
CVE-2022-28779

5.3MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Android Usb Driver Windows Installer
Vendor: CVE Published:; 11 April 2022

What is CVE-2022-28779?

The Samsung Android USB Driver contains a vulnerability that allows attackers to exploit an uncontrolled search path element in its Windows installer. This could result in arbitrary code execution if an attacker successfully manipulates the installer's environment, potentially compromising the affected system. Users are advised to update their drivers to version 1.7.50 or later to mitigate the risks associated with this vulnerability.

Affected Version(s)

Samsung Android USB Driver windows installer - < 1.7.50

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Apr 7, 2022

CVE-2022-28779 Data

JSON