CVE-2022-39888
Description
Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access to Proxy information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper access control in Samsung's MiscPolicy allows local attackers to access proxy information, patched in SMR Nov-2022.
Vulnerability
CVE-2022-39888 is an improper access control vulnerability in the retrieveExternalProxy method within the MiscPolicy class on Samsung mobile devices. This flaw allows a local attacker to retrieve proxy information without proper authorization [1].
Exploitation
The vulnerability requires local access to the device, but no elevated privileges or user interaction are needed. An attacker with local access can exploit this through a malicious application to read proxy settings [1].
Impact
Successful exploitation leads to disclosure of proxy configuration details, which could be used to further compromise network communications or bypass security controls [1].
Mitigation
Samsung addressed this issue in the November 2022 Security Maintenance Release (SMR). Users are advised to apply the update to ensure their devices are protected [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: < SMR Nov-2022 Release 1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.