Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service.
oryginał ENCVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NSamsung Knox
APPSamsung1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
VPN
CWE
Powiązane podatności
CVE-2019-6744MEDIUM4.3ten sam produkt
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsu...
CVE-2016-1919MEDIUM4.7ten sam produkt
Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtai...
CVE-2016-3996MEDIUM5.5ten sam produkt
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users ...
CVE-2025-4632CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Path Traversal w Samsung MagicINFO 9 Server — zapis plików jako SYSTEM
CVE-2026-28573CRITICAL10.0ten sam vendor
In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. Th...