CVE-2016-4030 - Vulnerability Details

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Galaxy Note 3 Galaxy Note 3 Firmware Galaxy S4 Galaxy S4 Firmware Galaxy S4 Mini Galaxy S4 Mini Firmware Galaxy S4 Mini Lte Galaxy S4 Mini Lte Firmware Galaxy S6 Galaxy S6 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97701
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-13T16:00:00

Updated: 2024-08-06T00:17:30.659Z

Reserved: 2016-04-15T00:00:00

Link: CVE-2016-4030

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-13T16:59:01.177

Modified: 2024-11-21T02:51:12.043

Link: CVE-2016-4030

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object