CVE-2021-25397 MEDIUM

CVE-2021-25397

Vendor Samsung Mobile

Product Samsung Mobile Devices

Weakness CWE-926

Published June 11, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01Description

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

Key dates

02Disclosure timeline

June 11, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25397 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/926.html

Related vulnerabilities

Identifiers

CVE CVE-2021-25397

CWE CWE-926

CVSS 6.8 / MEDIUM

Affected versions