Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-49927

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Jun, 2024 | 00:00
Updated At-02 Aug, 2024 | 22:09
Rejected At-
Credits

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Jun, 2024 | 00:00
Updated At:02 Aug, 2024 | 22:09
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Samsungsamsung
Product
exynos_980
CPEs
  • cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_990
CPEs
  • cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_850
CPEs
  • cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_1080
CPEs
  • cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_2200
CPEs
  • cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_1280
CPEs
  • cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_1380
CPEs
  • cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_1330
CPEs
  • cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_9110
CPEs
  • cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_w920
CPEs
  • cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_modem_5123
CPEs
  • cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_modem_5300
CPEs
  • cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Samsungsamsung
Product
exynos_2100
CPEs
  • cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Problem Types
TypeCWE IDDescription
CWECWE-331CWE-331 Insufficient Entropy
Type: CWE
CWE ID: CWE-331
Description: CWE-331 Insufficient Entropy
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
x_transferred
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Resource:
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Jun, 2024 | 19:15
Updated At:01 Aug, 2024 | 13:45

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Samsung
samsung
>>exynos_9820_firmware>>-
cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9820>>-
cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9825_firmware>>-
cpe:2.3:o:samsung:exynos_9825_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9825>>-
cpe:2.3:h:samsung:exynos_9825:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_980_firmware>>-
cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_980>>-
cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_990_firmware>>-
cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_990>>-
cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850_firmware>>-
cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850>>-
cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080_firmware>>-
cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080>>-
cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2100_firmware>>-
cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2100>>-
cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2200_firmware>>-
cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2200>>-
cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280_firmware>>-
cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280>>-
cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1380_firmware>>-
cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1380>>-
cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1330_firmware>>-
cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1330>>-
cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5123_firmware>>-
cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5123>>-
cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5300_firmware>>-
cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_modem_5300>>-
cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-311Primarynvd@nist.gov
CWE-331Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-311
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-331
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve@mitre.org
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

58Records found
CVE-2021-4240
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.6||LOW
EPSS-0.25% / 48.75%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
phpservermon User.php generatePasswordResetToken predictable algorithm in random number generator

A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability.

Action-Not Available
Vendor-phpservermonitorunspecified
Product-php_server_monitorphpservermon
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2019-9681
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.98%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 16:02
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-ipc-hdw1x2x_firmwareipc-hdw5x2x_firmwareipc-hfw4x2x_firmwareipc-hfw1x2x_firmwareipc-hfw2x2x_firmwareipc-hfw2x2xipc-hdbw4x2xipc-hfw4x2xipc-hdw4x2xipc-hfw5x2x_firmwareipc-hfw1x2xipc-hdw5x2xipc-hdw2x2x_firmwareipc-hdbw4x2x_firmwareipc-hdw2x2xipc-hdw4x2x_firmwareipc-hdw1x2xipc-hfw5x2xIPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-4686
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.04% / 12.79%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 19:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionguardium_for_cloud_key_managementSecurity Guardium Data Encryption
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-19464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.50%
||
7 Day CHG~0.00%
Published-30 Nov, 2019 | 01:17
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.

Action-Not Available
Vendor-cbcn/aApple Inc.Google LLC
Product-androidiphone_osgemn/a
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-1692
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 54.83%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 15:00
Updated-19 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerCisco Application Policy Infrastructure Controller (APIC)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-14317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 60.58%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 17:30
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-331
Insufficient Entropy
CVE-2023-38357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-4.16% / 88.93%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.

Action-Not Available
Vendor-rwsn/a
Product-worldservern/a
CWE ID-CWE-331
Insufficient Entropy
CVE-2021-35236
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-3.1||LOW
EPSS-0.50% / 66.29%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 00:57
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Secure Flag From SSL Cookie

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-kiwi_syslog_serverKiwi Syslog Server
CWE ID-CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE ID-CWE-311
Missing Encryption of Sensitive Data
  • Previous
  • 1
  • 2
  • Next
Details not found