Improper Access Control in Samsung Push Service
CVE-2023-42542

3.3LOW

Key Information:

Vendor: Samsung
Status: Samsung Push Service
Vendor: CVE Published:; 7 November 2023

What is CVE-2023-42542?

An improper access control vulnerability has been identified in Samsung Push Service versions prior to 3.4.10. This flaw enables local attackers to exploit the system and retrieve the register ID used for device identification. This poses significant privacy risks as unauthorized individuals may potentially gain insights into the device's user information, leading to further security concerns.

Affected Version(s)

Samsung Push Service 3.4.10

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 11, 2023