CVE-2024-20839

Summary

CVE-2024-20839 is a vulnerability that affects Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, as well as version 21.4.51.02 in Android 14. This vulnerability allows physical attackers to access recording files on the lock screen due to improper access control. The risk score for this vulnerability is 5, with a base severity of MEDIUM and a base score of 4.6. It does not require any privileges or user interaction, and the attack vector is physical. The impact of this vulnerability is high in terms of confidentiality, with no impact on integrity or availability. The CVE ID name for this vulnerability is CVE-2024-20839 according to the source [email protected]. Remediation for this vulnerability would involve updating Samsung Voice Recorder to versions 21.5.16.01 in Android 12 and Android 13, or version 21.4.51.02 in Android 14, where the issue has been addressed. The potential danger posed by this vulnerability is significant for organizations using affected versions of Samsung Voice Recorder on Android devices. Unauthorized access to recording files on the lock screen can lead to privacy breaches and unauthorized disclosure of sensitive information, which can have legal and reputational consequences for the organization. It's important for organizations to promptly address this vulnerability by applying the necessary updates or patches provided by Samsung to mitigate the risk of exploitation by physical attackers seeking unauthorized access to recording files on locked devices running the affected versions of Samsung Voice Recorder in Android operating systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.