Improper Authorization in AutoPowerOnOffConfirmDialog for Samsung Devices
CVE-2023-21461

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Mobile Devices
Vendor: CVE Published:; 16 March 2023

What is CVE-2023-21461?

An improper authorization vulnerability exists in the AutoPowerOnOffConfirmDialog within Samsung devices. This flaw allows a local attacker to turn off the device via an unprotected activity, posing significant security risks to users. Devices affected are those prior to the SMR March 2023 Release 1, and users are advised to update their firmware promptly to mitigate potential exploitation risks.

Affected Version(s)

Samsung Mobile Devices Android 12, 13

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Nov 14, 2022