CVE-2023-42571

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SamsungMobileCNA
7.6 HIGH
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
samsungfind_my_mobile
𝑥
< 7.3.13.4
𝑥
= Vulnerable software versions
References
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12