CVE-2022-28792 Vulnerability Details

  /     /     /  

CVE-2022-28792 Metadata Quick Info

CVE Published: 03/05/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Samsung Mobile | Vendor: Samsung Mobile | Product: Gear IconX PC Manager
Status : PUBLISHED

CVE-2022-28792 Description

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.

Metrics

CVSS Version: 3.1 | Base Score: 6.2 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427 Uncontrolled Search Path Element
Source: Samsung Mobile

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-28792 Vulnerability Details