Vulnerabilities > CVE-2021-25352 - Exposure of Resource to Wrong Sphere vulnerability in Samsung Bixby Voice

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

samsung

CWE-668

NVD

Published: 2021-03-25

Updated: 2022-08-12

Summary

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Bixby Voice -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://security.samsungmobile.com/serviceWeb.smsb
https://security.samsungmobile.com/