Vulnerability Description
On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 9.0 | |
| Samsung | Phone | - |
Related Weaknesses (CWE)
References
- https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.htmlThird Party Advisory
- https://security.samsungmobile.com/securityUpdate.smsbNot Applicable
- https://twitter.com/fs0c131y/status/1115889065285562368ExploitThird Party Advisory
- https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.htmlThird Party Advisory
- https://security.samsungmobile.com/securityUpdate.smsbNot Applicable
- https://twitter.com/fs0c131y/status/1115889065285562368ExploitThird Party Advisory
FAQ
What is CVE-2019-11341?
CVE-2019-11341 is a vulnerability with a CVSS score of 4.6 (MEDIUM). On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering t...
How severe is CVE-2019-11341?
CVE-2019-11341 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11341?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Samsung Phone.