Vulnerability Details CVE-2019-16256
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.427
EPSS Ranking 97.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.
Ransomware Campaign
Unknown
References
Products affected by CVE-2019-16256
-
cpe:2.3:h:samsung:samsung:-
-
cpe:2.3:o:samsung:samsung_firmware:-