Insecure SS and USSD Codes in Samsung Contacts Application (SVE-2018-11469)

Insecure SS and USSD Codes in Samsung Contacts Application (SVE-2018-11469)

CVE-2018-21078 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018).

Learn more about our Cis Benchmark Audit For Mobile Devices.