CVE-2023-42532

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 7, 2023

Updated: Nov 13, 2023

CWE ID 295

Summary

CVE-2023-42532 is a new vulnerability affecting FotaAgent before the SMR Nov-2023 Release1. The issue involves improper certificate validation, enabling a remote attacker to intercept network traffic. This includes sensitive firmware information, posing a significant risk to system security. An attacker can capitalize on this vulnerability to gain unauthorized access to confidential data, potentially leading to serious consequences. Organizations using FotaAgent are encouraged to update to the latest release to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Samsung Android

Affected Vendors

Samsung

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sqJBFZ
https://www.cve.org/CVERecord?id=CVE-2023-42532
https://nvd.nist.gov/vuln/detail/CVE-2023-42532

Back to Vulnerability Database