← Retour aux CVEs
CVE-2019-6742
CRITICAL9.8
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie6/3/2019
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
samsung:galaxy_s9samsung:galaxy_s9_firmware
Faiblesses (CWE)
CWE-358
References
https://www.zerodayinitiative.com/advisories/ZDI-19-255/(zdi-disclosures@trendmicro.com)
https://www.zerodayinitiative.com/advisories/ZDI-19-255/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.