Improper Authorization in AutoPowerOnOffConfirmDialog for Samsung Devices
CVE-2023-21461

5.5MEDIUM

Key Information:

Vendor
Samsung
Status
Samsung Mobile Devices
Vendor
CVE Published:
16 March 2023

Summary

An improper authorization vulnerability exists in the AutoPowerOnOffConfirmDialog within Samsung devices. This flaw allows a local attacker to turn off the device via an unprotected activity, posing significant security risks to users. Devices affected are those prior to the SMR March 2023 Release 1, and users are advised to update their firmware promptly to mitigate potential exploitation risks.

Affected Version(s)

Samsung Mobile Devices Android 12, 13

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.