CVE-2023-42571 : Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physic

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.

Published 2023-12-05 03:15:18

Updated 2023-12-11 14:50:26

Source Samsung Mobile

View at NVD, CVE.org

Products affected by CVE-2023-42571

Samsung » Find My Mobile
Versions before (<) 7.3.13.4
cpe:2.3:a:samsung:find_my_mobile:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-42571

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-42571

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.6	HIGH	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	0.9	6.0	Samsung Mobile
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-42571

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12

Security Updates Other Updates | Samsung Mobile Security
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-42571

Products affected by CVE-2023-42571

Exploit prediction scoring system (EPSS) score for CVE-2023-42571

CVSS scores for CVE-2023-42571

References for CVE-2023-42571