PT-2020-8547 · Samsung · Tizen
Published
2020-01-22
·
Updated
2020-02-03
·
CVE-2018-16266
CVSS v3.1
8.1
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Tizen versions prior to 5.0 M1
Tizen-based firmwares including Samsung Galaxy Gear series before build RE2
Description:
The issue is related to the Enlightenment system service in Tizen, which has improper D-Bus security policy configurations. This allows an unprivileged process to fully control or capture windows.
Recommendations:
For Tizen versions prior to 5.0 M1, update to version 5.0 M1 or later.
For Tizen-based firmwares including Samsung Galaxy Gear series before build RE2, update to build RE2 or later.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tizen