Improper Authorization in Samsung Push Service Affects User Security
CVE-2023-42541

5.3MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Push Service
Vendor: CVE Published:; 7 November 2023

Summary

A vulnerability in Samsung Push Service prior to version 3.4.10 involves improper authorization in the PushClientProvider component. This flaw permits attackers to gain unauthorized access to unique identifiers associated with the service, potentially compromising user privacy and security. It is crucial for users to update their software to mitigate this risk.

Affected Version(s)

Samsung Push Service 3.4.10

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 11, 2023