Samsung modem vulnerability

CISA Issues Warning About Samsung Smartphone Vulnerability

Published on: May 24, 2023
Last Updated: May 24, 2023

CISA Issues Warning About Samsung Smartphone Vulnerability

Published on: May 24, 2023
Last Updated: May 24, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a vulnerability found in Samsung devices.

This medium-severity flaw, identified as CVE-2023-21492 with a CVSS score of 4.4, specifically affects certain Samsung devices running Android versions 11, 12, and 13.

According to Samsung, the vulnerability is classified as an information disclosure flaw.

Exploiting this flaw grants a privileged attacker the ability to bypass address space layout randomization (ASLR) protections.

ASLR is a security measure implemented to prevent memory corruption and code execution vulnerabilities by obfuscating the location of executable code within a device’s memory.

Google’s Threat Analysis Group, the team responsible for identifying and analyzing cyber threats, has uncovered the vulnerability in question.

Their findings indicate that it is highly probable that this vulnerability has been exploited by a commercial spyware vendor.

Google has documented this particular flaw, identified as CVE-2023-21492, in its zero-day exploitation database since its discovery in 2021.

Google’s reports over the past few months have detailed targeted campaigns carried out by threat actors associated with spyware vendors.

These campaigns aimed to compromise Samsung smartphones utilizing a range of both zero-day (previously unknown) and n-day (known but unpatched) vulnerabilities.

On Friday, CISA also included two Cisco IOS vulnerabilities in its KEV catalog.

The first vulnerability, known as CVE-2016-6415, was initially revealed in 2016 through the Shadow Brokers leaks. It has been identified as a notable security concern.

The second vulnerability, tracked as CVE-2004-1464, is a considerably old Denial-of-Service (DoS) vulnerability.

Cisco had previously alerted customers about the potential exploitation of this vulnerability in 2004 and had issued patches at that time to address the issue.

Despite its age, it is still included in CISA’s KEV catalog due to its relevance and potential impact on affected systems.

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Husain Parvez

Husain has been around the internet ever since the dial-up days and loves writing about everything across the technosphere. He loves reviewing tech, writing about VPNs, and covering Cybersecurity news.