CVE-2019-16256: SIMalliance Toolbox Browser Command Injection Vulnerability
First published: Thu Sep 12 2019(Updated: )
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Samsung Firmware | ||
| Samsung Samsung | ||
| SIMalliance Toolbox Browser | ||
| All of | ||
| Samsung Samsung Firmware | ||
| Samsung Samsung |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/description
- agent/title
- agent/severity
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/samsung
- canonical/samsung samsung firmware
- canonical/samsung samsung
- vendor/simalliance
- canonical/simalliance toolbox browser