Improper Access Control Vulnerability in Samsung Voice Recorder for Android Devices
CVE-2023-42577

6.8MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Voice Recorder
Vendor: CVE Published:; 5 December 2023

Summary

The Samsung Voice Recorder is vulnerable to an improper access control issue, allowing physical attackers to gain unauthorized access to sensitive Voice Recorder information displayed on the lock screen. This vulnerability affects versions of the application prior to 21.4.15.01 in Android 12 and 13, and prior to 21.4.50.17 in Android 14, posing a risk for users unaware of the exposure of personal voice recordings.

Affected Version(s)

Samsung Voice Recorder 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Sep 11, 2023