PT-2018-10698 · Samsung · Samsung Members

Alex Plaskett

Published

2018-06-07

Updated

2019-10-09

CVE-2018-11614

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Samsung Members versions prior to 2.4.25

Description This issue allows remote attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the handling of Intents, specifically in the ability to send an Intent that would not otherwise be reachable. This can be leveraged to escalate privileges to resources normally protected from the application.

Recommendations For versions prior to 2.4.25, update to version 2.4.25 to resolve the issue. As a temporary workaround, consider restricting the handling of Intents to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2018-11614

ZDI-18-562

Affected Products

Samsung Members

PT-2018-10698 · Samsung · Samsung Members

CVE-2018-11614

Weakness Enumeration

Related Identifiers

Affected Products

References · 3