Samsung Internet TWA Permission Bypass Before 24.0.0.41
CVE-2024-20837 Published on March 5, 2024

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

NVD

Vulnerability Analysis

CVE-2024-20837 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Products Associated with CVE-2024-20837

Want to know whenever a new CVE is published for Samsung Internet? stack.watch will email you.

Samsung Internet

Affected Versions

Samsung Mobile Samsung Internet Version 24.0.0.41 is unaffected by CVE-2024-20837

Exploit Probability

EPSS

0.09%

Percentile

24.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Samsung Internet TWA Permission Bypass Before 24.0.0.41CVE-2024-20837 Published on March 5, 2024

Vulnerability Analysis

Products Associated with CVE-2024-20837

Affected Versions

Exploit Probability

Samsung Internet TWA Permission Bypass Before 24.0.0.41
CVE-2024-20837 Published on March 5, 2024