Vulnerabilities > CVE-2020-7811 - Deserialization of Untrusted Data vulnerability in Samsung Update

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

samsung

CWE-502

NVD

Published: 2020-10-12

Updated: 2020-10-19

Summary

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Update *	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35708