Unrated severityNVD Advisory· Published Jan 22, 2020· Updated Aug 5, 2024

CVE-2018-16267

Description

The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Affected products

Tizen/Tizendescription
Samsung Mobile/Samsung Galaxyllm-fuzzy
Range: < build RE2
Tizen/Tizenllm-fuzzy
Range: <5.0 M1, <build RE2 for Galaxy Gear

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdfmitrex_refsource_MISC
review.tizen.org/git/mitrex_refsource_MISC
www.youtube.com/watchmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000