Vulnerabilities > CVE-2021-25352 - Exposure of Resource to Wrong Sphere vulnerability in Samsung Bixby Voice

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

samsung

CWE-668

NVD

Published: 2021-03-25

Updated: 2022-08-12

Summary

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Bixby Voice -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://security.samsungmobile.com/serviceWeb.smsb
https://security.samsungmobile.com/