CVE-2018-16269 — HIGH (7.5)

Q: How severe is CVE-2018-16269?

CVE-2018-16269 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16269?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Galaxy Gear Firmware, Samsung Galaxy Gear, Samsung Gear 2 Firmware, Samsung Gear 2, Samsung Gear Live Firmware.

Vulnerability Description

The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Samsung	Galaxy Gear Firmware	< re2
Samsung	Galaxy Gear	-
Samsung	Gear 2 Firmware	< re2
Samsung	Gear 2	-
Samsung	Gear Live Firmware	< re2
Samsung	Gear Live	-
Samsung	Gear S Firmware	< re2
Samsung	Gear S	-
Samsung	Gear S2 Firmware	< re2
Samsung	Gear S2	-
Samsung	Gear S3 Firmware	< re2
Samsung	Gear S3	-
Samsung	Gear Sport Firmware	< re2
Samsung	Gear Sport	-
Samsung	Gear Fit Firmware	< re2
Samsung	Gear Fit	-
Samsung	Gear Fit 2 Firmware	< re2
Samsung	Gear Fit 2	-
Samsung	Gear Fit 2 Pro Firmware	< re2
Samsung	Gear Fit 2 Pro	-

Related Weaknesses (CWE)

CWE-200

References

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%ExploitThird Party Advisory
https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.beExploitThird Party Advisory
https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%ExploitThird Party Advisory
https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.beExploitThird Party Advisory

FAQ

What is CVE-2018-16269?

CVE-2018-16269 is a vulnerability with a CVSS score of 7.5 (HIGH). The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This af...

How severe is CVE-2018-16269?

CVE-2018-16269 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16269?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Galaxy Gear Firmware, Samsung Galaxy Gear, Samsung Gear 2 Firmware, Samsung Gear 2, Samsung Gear Live Firmware.