CVE-2019-16256

CRITICALCISA KEV

9.8

Beschreibung

Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht9/12/2019

Zuletzt geandert11/12/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerSIMalliance

ProduktToolbox Browser

SchwachstellennameSIMalliance Toolbox Browser Command Injection Vulnerability

KEV Aufnahmedatum2021-11-03

Behebungsfrist2022-05-03

Ransomware-NutzungUnknown

Betroffene Produkte

trustedconnectivityalliance:s\@t_browser

Referenzen

https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile(cve@mitre.org)

https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16256(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.