PT-2022-15986 · Samsung · Knoxprivacynoticereceiver
H0Rd7 · Published 2022-02-11 · Updated 2022-02-18 · CVE-2022-23427
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
KnoxPrivacyNoticeReceiver versions prior to SMR Feb-2022 Release 1
Description
The issue allows local attackers to access media files without permission via an implicit Intent. This is due to a PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver.
Recommendations
For versions prior to SMR Feb-2022 Release 1, update to SMR Feb-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to media files to minimize the risk of exploitation.
Fix
RCE
Affected Products
Knoxprivacynoticereceiver