CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-42579

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.5%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2023-42579

Samsung » Samsung Keyboard » Version: Any

cpe:2.3:a:samsung:samsung_keyboard:*
Samsung » Samsung Keyboard » Version: 5.4.60.0

cpe:2.3:a:samsung:samsung_keyboard:5.4.60.0
Samsung » Samsung Keyboard » Version: 5.4.85.0

cpe:2.3:a:samsung:samsung_keyboard:5.4.85.0
Samsung » Samsung Keyboard » Version: 5.5.00.0

cpe:2.3:a:samsung:samsung_keyboard:5.5.00.0
Samsung » Samsung Keyboard » Version: 5.6.00.0

cpe:2.3:a:samsung:samsung_keyboard:5.6.00.0
Samsung » Samsung Keyboard » Version: 5.6.10.0

cpe:2.3:a:samsung:samsung_keyboard:5.6.10.0
Samsung » Samsung Keyboard » Version: 5.7.00.0

cpe:2.3:a:samsung:samsung_keyboard:5.7.00.0
Google » Android » Version: 11.0

cpe:2.3:o:google:android:11.0
Google » Android » Version: 12.0

cpe:2.3:o:google:android:12.0
Google » Android » Version: 13.0

cpe:2.3:o:google:android:13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-42579

Products

Pricing

Contact Us