PT-2022-25102 · Samsung · Samsung Gear Iconx Pc Manager
Heechan Kim
+1
·
Published
2022-12-08
·
Updated
2022-12-12
·
CVE-2022-39909
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Samsung Gear IconX PC Manager versions prior to 2.1.221019.51
Description
The issue is related to insufficient verification of data authenticity, allowing local attackers to create arbitrary files using symbolic links. This can be exploited by attackers to potentially cause harm.
Recommendations
For versions prior to 2.1.221019.51, update to version 2.1.221019.51 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Gear Iconx Pc Manager