CVE-2021-25351

EUVD-2021-12247
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.2 LOW
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Samsung MobileCNA
3.2 LOW
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
samsungaccount
𝑥
< 10.7.07
samsungaccount
𝑥
< 12.1.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.samsungmobile.com/
https://security.samsungmobile.com/serviceWeb.smsb
https://security.samsungmobile.com/
https://security.samsungmobile.com/serviceWeb.smsb