Privilege Escalation Vulnerability in Samsung Galaxy Apps (ZDI-CAN-5359)

Privilege Escalation Vulnerability in Samsung Galaxy Apps (ZDI-CAN-5359)

CVE-2018-10502 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359.

Learn more about our User Device Pen Test.