CVE-2022-39877

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Samsung MobileCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
samsunggroup_sharing
𝑥
< 13.0.6.15
samsunggroup_sharing
𝑥
< 13.0.6.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10