Vulnerability Description
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Galaxy Apps | < 4.4.01.7 |
Related Weaknesses (CWE)
References
- https://security.samsungmobile.com/securityUpdate.smsbVendor Advisory
- https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/ExploitThird Party Advisory
- https://security.samsungmobile.com/securityUpdate.smsbVendor Advisory
- https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/ExploitThird Party Advisory
FAQ
What is CVE-2018-20135?
CVE-2018-20135 is a vulnerability with a CVSS score of 8.1 (HIGH). Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps i...
How severe is CVE-2018-20135?
CVE-2018-20135 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-20135?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Galaxy Apps.