Vulnerability Details CVE-2018-10502
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps. Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in a user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
Products affected by CVE-2018-10502
- cpe:2.3:a:samsung:galaxy_apps:-
- cpe:2.3:a:samsung:galaxy_apps:3.1.08.0
- cpe:2.3:a:samsung:galaxy_apps:4.2.06-16
- cpe:2.3:a:samsung:galaxy_apps:4.2.08-47
- cpe:2.3:a:samsung:galaxy_apps:4.2.10-11
- cpe:2.3:a:samsung:galaxy_apps:4.2.11-1
- cpe:2.3:a:samsung:galaxy_apps:4.2.12.42
- cpe:2.3:a:samsung:galaxy_apps:4.2.12.50
- cpe:2.3:a:samsung:galaxy_apps:4.2.12.51
- cpe:2.3:a:samsung:galaxy_apps:4.2.14.12
- cpe:2.3:a:samsung:galaxy_apps:4.2.15.1
- cpe:2.3:a:samsung:galaxy_apps:4.2.16.1
- cpe:2.3:a:samsung:galaxy_apps:4.2.16.5