PT-2023-28449 · Samsung+2 · Samsung Keyboard+4

Published: 2023-12-04 · Updated: 2023-12-12 · CVE-2023-42579

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SogouSDK of Chinese Samsung Keyboard versions prior to 5.3.70.1 in Android 11
SogouSDK of Chinese Samsung Keyboard versions prior to 5.4.60.49 in Android 11
SogouSDK of Chinese Samsung Keyboard versions prior to 5.4.85.5 in Android 11
SogouSDK of Chinese Samsung Keyboard versions prior to 5.5.00.58 in Android 12
SogouSDK of Chinese Samsung Keyboard versions prior to 5.6.00.52 in Android 13
SogouSDK of Chinese Samsung Keyboard versions prior to 5.6.10.42 in Android 13
SogouSDK of Chinese Samsung Keyboard versions prior to 5.7.00.45 in Android 13

Description

The issue is related to the improper usage of an insecure protocol (i.e., HTTP) in the SogouSDK of the Chinese Samsung Keyboard. This allows adjacent attackers to access keystroke data using a Man-in-the-Middle attack.

Recommendations

For versions prior to 5.3.70.1 in Android 11, update to version 5.3.70.1 or later.
For versions prior to 5.5.00.58 in Android 12, update to version 5.5.00.58 or later.
For versions prior to 5.7.00.45 in Android 13, update to version 5.7.00.45 or later.

Fix

Cleartext Transmission of Sensitive Information


Weakness Enumeration

Related Identifiers

CVE-2023-42579

Affected Products

Android 11
Android 12
Android 13
Samsung Keyboard
Sogousdk