First published: Mon Sep 24 2018(Updated: )
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Samsung Members | <2.4.25 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-11614 is high, with potential for remote privilege escalation.
To fix CVE-2018-11614, upgrade to Samsung Members version 2.4.25 or later.
CVE-2018-11614 is a privilege escalation vulnerability affecting Samsung Members.
An attacker with low-privileged access can exploit CVE-2018-11614 to escalate privileges.
The affected software for CVE-2018-11614 is Samsung Members versions prior to 2.4.25.