PT-2022-25086 · Samsung · Galaxy Buds Pro
Mart1N
+1
·
Published
2022-11-09
·
Updated
2022-11-10
·
CVE-2022-39893
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Galaxy Buds Pro Manage versions prior to 4.1.22092751
Description
The issue allows local attackers with log access permission to obtain device identifier data through device logs. This is due to a sensitive information exposure vulnerability in FmmBaseModel.
Recommendations
For versions prior to 4.1.22092751, update to version 4.1.22092751 or later to resolve the issue. As a temporary workaround, consider restricting log access permission to minimize the risk of exploitation.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Galaxy Buds Pro