CVE-2018-10502 Vulnerability Details

  /     /     /  

CVE-2018-10502 Metadata Quick Info

CVE Published: 24/09/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: zdi | Vendor: Samsung | Product: Samsung Galaxy Apps
Status : PUBLISHED

---

CVE-2018-10502 Description

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-269
CWE Name: CWE-269-Improper Privilege Management
Source: Samsung

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).