CVE-2022-28792

CVSS v3 6.2 MEDIUM
CVSS v2.0 4.4 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

D

LL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:gear_iconx_pc_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:57

Type	Values Removed	Values Added
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 - Vendor Advisory
CVSS	v2 : ~~4.4~~ v3 : ~~7.8~~	v2 : 4.4 v3 : 6.2

Information

Published : 2022-05-03 20:15

Updated : 2024-11-21 06:57

NVD link : CVE-2022-28792

Mitre link : CVE-2022-28792

CVE.ORG link : CVE-2022-28792

JSON object : View

Products Affected

gear_iconx_pc_manager

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-28792", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-05-03T20:15:09.743", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking."}, {"lang": "es", "value": "Una vulnerabilidad de secuestro de DLL en Gear IconX PC Manager versiones anteriores a 2.1.220405.51 permite a un atacante ejecutar c\u00f3digo arbitrario. El parche a\u00f1ade una ruta absoluta apropiada para evitar un secuestro de DLL"}], "lastModified": "2024-11-21T06:57:56.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:gear_iconx_pc_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBE6C3DB-1E46-4A27-88F5-216F21F6D010", "versionEndExcluding": "2.1.220405.51"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}