CVE-2022-27841 — MEDIUM (4.3)

Q: What is CVE-2022-27841?

CVE-2022-27841 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication

Q: How severe is CVE-2022-27841?

CVE-2022-27841 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27841?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Samsung Pass.

Vulnerability Description

Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Samsung	Samsung Pass	< 3.7.07.5

Related Weaknesses (CWE)

CWE-703 CWE-755

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=4Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=4Vendor Advisory

FAQ

What is CVE-2022-27841?

CVE-2022-27841 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication

How severe is CVE-2022-27841?

CVE-2022-27841 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27841?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Samsung Pass.