We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-42579



AssignerSamsungMobile
Reserved2023-09-11
Published2023-12-05
Updated2024-08-02

Description

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.



MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product status

Default status
affected

5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13
unaffected

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12

cve.org CVE-2023-42579

nvd.nist.gov CVE-2023-42579

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-42579
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.