{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-21441","assignerOrgId":"3af57064-a867-422c-b2ad-40307b65c458","assignerShortName":"Samsung Mobile","dateUpdated":"2025-03-24T19:08:52.393Z","dateReserved":"2022-11-14T00:00:00.000Z","datePublished":"2023-02-09T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"3af57064-a867-422c-b2ad-40307b65c458","shortName":"Samsung Mobile","dateUpdated":"2023-02-09T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code."}],"affected":[{"vendor":"Samsung Mobile","product":"Routine","versions":[{"version":"unspecified","status":"affected","lessThan":"2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12)","versionType":"custom"}]}],"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-345: Insufficient Verification of Data Authenticity","cweId":"CWE-345"}]}],"source":{"discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T09:36:34.507Z"},"title":"CVE Program Container","references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-24T19:08:45.720027Z","id":"CVE-2023-21441","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-24T19:08:52.393Z"}}]}}