Platform: android
Component: s-assistant
Fixed in: 6.5.01.22
CVE-2021-25341 describes a Denial of Service (DoS) vulnerability affecting S Assistant versions up to and including 6.5.01.22. This vulnerability allows unauthorized actions, specifically a DoS attack, by exploiting a flaw in provider handling. A fix is available in version 6.5.01.22, addressing this security concern.
The vulnerability allows an attacker to trigger a denial of service within the S Assistant application. By hijacking a provider, the attacker can disrupt the normal operation of the application, potentially preventing legitimate users from accessing its features. This could lead to service outages and user frustration. The impact is primarily focused on application availability, but could also indirectly affect any services reliant on S Assistant.
CVE-2021-25341 was publicly disclosed on March 4, 2021. No public proof-of-concept (PoC) code has been widely reported. The vulnerability is not currently listed on the CISA KEV catalog. The CVSS score of 4 (MEDIUM) indicates a moderate probability of exploitation.
Users of S Assistant running versions prior to 6.5.01.22 are at risk. This includes individuals using older versions of the application on their Android devices, as well as organizations deploying S Assistant across their mobile workforce.
• android / application: Monitor application logs for unusual provider call patterns or errors related to provider initialization. Use Android Debug Bridge (ADB) to inspect running processes and identify any unexpected provider activity.
• android / application: Check for suspicious permissions granted to the S Assistant application that could facilitate provider hijacking.
• android / application: Examine the application's manifest file for any insecure provider declarations.
disclosure
Exploit status
EPSS: 0.05% (percentile 17%)
CVSS vector
The primary mitigation for CVE-2021-25341 is to upgrade S Assistant to version 6.5.01.22 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing network-level restrictions to prevent unauthorized provider calls. While a direct WAF rule is unlikely, monitoring for unusual provider call patterns could provide early warning signs. After upgrading, confirm the fix by attempting to trigger the vulnerable provider call and verifying that the application does not crash or become unresponsive.
Update the S Assistant application to version 6.5.01.22 or later. This update fixes the vulnerability that allows unauthorized actions and denial-of-service attacks.
CVE-2021-25341 is a Denial of Service vulnerability in S Assistant versions up to 6.5.01.22, allowing attackers to disrupt application functionality by hijacking a provider.
Yes, if you are using S Assistant version 6.5.01.22 or earlier, you are potentially vulnerable to this DoS attack.
Upgrade S Assistant to version 6.5.01.22 or later to resolve this vulnerability. If immediate upgrading is not possible, consider network-level restrictions.
While no widespread exploitation has been publicly confirmed, the vulnerability remains a potential risk until patched.
Refer to the vendor's security advisory for detailed information and updates regarding CVE-2021-25341.