CVE-2023-42576

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
PHYSICAL
LOW
HIGH
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
SamsungMobileCNA
5.4 MEDIUM
PHYSICAL
LOW
HIGH
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
samsungpass
𝑥
< 4.3.00.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12