CVE-2021-25351

Description

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.

CVSS breakdown

CVSS 3.1

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Affected products

Samsung Mobile / Samsung AccountAndroid P(9.0) and below – 10.7.07
Samsung Mobile / Samsung AccountAndroid Q(10.0) – 12.1.1.3

References

MISChttps://security.samsungmobile.com/
MISChttps://security.samsungmobile.com/serviceWeb.smsb