CVE-2019-11341

{"id": "CVE-2019-11341", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2019-10-09T16:15:14.233", "references": [{"url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.samsungmobile.com/securityUpdate.smsb", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://twitter.com/fs0c131y/status/1115889065285562368", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."}, {"lang": "es", "value": "En ciertos tel\u00e9fonos Samsung P(9.0), un atacante con acceso f\u00edsico puede iniciar una captura de volcado TCP sin el conocimiento del usuario. Esta funcionalidad de la aplicaci\u00f3n Service Mode est\u00e1 disponible despu\u00e9s de ingresar el c\u00f3digo de comprobaci\u00f3n *#9900#, pero est\u00e1 protegida mediante una contrase\u00f1a OTP. Sin embargo, esta contrase\u00f1a se crea localmente y (debido al manejo inapropiado de la criptograf\u00eda) puede ser obtenida f\u00e1cilmente al invertir la l\u00f3gica de creaci\u00f3n de contrase\u00f1a."}], "lastModified": "2019-11-05T15:02:36.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:phone:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "343F6924-CADF-4BE3-88C7-61E469E88BD3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}