{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-49421","assignerOrgId":"3af57064-a867-422c-b2ad-40307b65c458","state":"PUBLISHED","assignerShortName":"SamsungMobile","dateReserved":"2024-10-15T05:26:08.661Z","datePublished":"2024-12-03T05:48:06.555Z","dateUpdated":"2024-12-03T14:25:22.984Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}],"affected":[{"vendor":"Samsung Mobile","product":"Quick Share Agent","versions":[{"status":"unaffected","version":"3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location."}],"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=12"}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":4.3,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}],"providerMetadata":{"orgId":"3af57064-a867-422c-b2ad-40307b65c458","shortName":"SamsungMobile","dateUpdated":"2024-12-03T05:48:06.555Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-03T14:24:44.279594Z","id":"CVE-2024-49421","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-03T14:25:22.984Z"}}]}}