CVE-2022-25833

Summary

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Mobile DevicesQ(10), R(11) < SMR Apr-2022 Release 1affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References