CVE-2022-22272

Summary

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Mobile DevicesQ(10.0), R(11.0), S(12.0) < SMR Jan-2022 Release 1affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References