CISA KEV Information
| Vulnerability name | SIMalliance Toolbox Browser Command Injection Vulnerability |
|---|---|
| Description | SIMalliance Toolbox Browser contains a command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| Date added (KEV) | 2021-11-03 |
| Due date | 2022-05-03 |
| Additional notes | https://nvd.nist.gov/vuln/detail/CVE-2019-16256 |
NVD Details
CVSS v3.1: 9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Description: Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
References
- https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile [Exploit, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16256 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.