CVE-2021-25372 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	PHYSICAL	HIGH	HIGH	CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Samsung Mobile	CNA	6.1 MEDIUM	PHYSICAL	HIGH	HIGH	CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Vendor	Product	Version
samsung	android	10.0:smr-feb-2021-r1
samsung	android	10.0:smr-jan-2021-r1
samsung	android	11.0:smr-feb-2021-r1
samsung	android	11.0:smr-jan-2021-r1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.
CWE-703 - Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

References

https://security.samsungmobile.com

https://security.samsungmobile.com/securityUpdate.smsb

https://security.samsungmobile.com

https://security.samsungmobile.com/securityUpdate.smsb

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25372