CVE Vulnerability

CVE-2019-11341

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.samsungmobile.com/securityUpdate.smsb Not Applicable
https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html Third Party Advisory
https://twitter.com/fs0c131y/status/1115889065285562368 Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-10-09 04:15

Updated : 2019-11-05 03:02

NVD link : CVE-2019-11341

Mitre link : CVE-2019-11341

Products Affected

Phone

Samsung

CWE
CWE-327