Improper Access Control Vulnerability in Samsung's Group Sharing on Android Systems
CVE-2022-36866

4MEDIUM

Key Information:

Vendor: Samsung
Status: Group Sharing
Vendor: CVE Published:; 9 September 2022

What is CVE-2022-36866?

An improper access control vulnerability in the Group Sharing feature of Samsung devices allows potential attackers to identify devices running certain versions of the application. This issue affects versions prior to 13.0.6.15 for Android S (12) and 13.0.6.14 for Android R (11 and earlier). By exploiting this vulnerability, attackers could gain unauthorized insight into device identification, potentially leading to more severe security threats.

Affected Version(s)

Group Sharing < 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2022
Vulnerability Reserved
Jul 27, 2022