Vulnerability Details : CVE-2019-11341
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
Products affected by CVE-2019-11341
- cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11341
- 0.12%: probability of exploitation activity in the next 30 days
- ~47%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11341
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 | NIST | |
CWE ids for CVE-2019-11341
- The product uses a broken or risky cryptographic algorithm or protocol. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11341
- https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html
  Most Complete Samsung Galaxy Secret Code List! (Third Party Advisory)
- https://security.samsungmobile.com/securityUpdate.smsb
  Android Security Updates Details | Samsung Mobile Security (Not Applicable)
- https://twitter.com/fs0c131y/status/1115889065285562368
  Elliot Alderson on Twitter: "THREAD: If you have a @SamsungMobile phones, whatever your phone model, an attacker with a physical access to your phone can capture your network traffic without your cons (Exploit; Third Party Advisory)