Samsung Update Setup < 2.2.9.50: DLL Hijacking Exec CVE-2022-36840
CVE-2022-36840 Published on August 5, 2022

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.

NVD

Vulnerability Analysis

CVE-2022-36840 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is a DLL preloading Vulnerability?

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CVE-2022-36840 has been classified to as a DLL preloading vulnerability or weakness.


Products Associated with CVE-2022-36840

Want to know whenever a new CVE is published for Samsung Update? stack.watch will email you.

Samsung Update
 

Affected Versions

Samsung Mobile Samsung Update Setup:

Exploit Probability

EPSS
0.06%
Percentile
18.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.