CVE-2024-20839

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Mar 5, 2024

Summary

CVE-2024-20839 is a vulnerability that affects Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, as well as version 21.4.51.02 in Android 14. This vulnerability allows physical attackers to access recording files on the lock screen due to improper access control. The risk score for this vulnerability is 5, with a base severity of MEDIUM and a base score of 4.6. It does not require any privileges or user interaction, and the attack vector is physical. The impact of this vulnerability is high in terms of confidentiality, with no impact on integrity or availability. The CVE ID name for this vulnerability is CVE-2024-20839 according to the source mobile.security@samsung.com.

Remediation for this vulnerability would involve updating Samsung Voice Recorder to versions 21.5.16.01 in Android 12 and Android 13, or version 21.4.51.02 in Android 14, where the issue has been addressed.

The potential danger posed by this vulnerability is significant for organizations using affected versions of Samsung Voice Recorder on Android devices. Unauthorized access to recording files on the lock screen can lead to privacy breaches and unauthorized disclosure of sensitive information, which can have legal and reputational consequences for the organization.

It's important for organizations to promptly address this vulnerability by applying the necessary updates or patches provided by Samsung to mitigate the risk of exploitation by physical attackers seeking unauthorized access to recording files on locked devices running the affected versions of Samsung Voice Recorder in Android operating systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-20839 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options