Platform: android
Component: s-assistant
Fixed version: 6.5.01.22
CVE-2021-25341 describes a Denial of Service (DoS) vulnerability affecting S Assistant versions up to and including 6.5.01.22. This vulnerability allows unauthorized actions, specifically a DoS attack, by exploiting a flaw in provider handling. A fix is available in version 6.5.01.22, addressing this security concern.
The vulnerability allows an attacker to trigger a denial of service within the S Assistant application. By hijacking a provider, the attacker can disrupt the normal operation of the application, potentially preventing legitimate users from accessing its features. This could lead to service outages and user frustration. The impact is primarily focused on application availability, but could also indirectly affect any services reliant on S Assistant.
CVE-2021-25341 was publicly disclosed on March 4, 2021. No public proof-of-concept (PoC) code has been widely reported. The vulnerability is not currently listed on the CISA KEV catalog. The CVSS score of 4 (MEDIUM) indicates a moderate probability of exploitation.
Users of S Assistant running versions prior to 6.5.01.22 are at risk. This includes individuals using older versions of the application on their Android devices, as well as organizations deploying S Assistant across their mobile workforce.
• android / application: Monitor application logs for unusual provider call patterns or errors related to provider initialization. Use Android Debug Bridge (ADB) to inspect running processes and identify any unexpected provider activity.
• android / application: Check for suspicious permissions granted to the S Assistant application that could facilitate provider hijacking.
• android / application: Examine the application's manifest file for any insecure provider declarations.
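As an added example (not from this advisory or the vendor), the manifest check in the last bullet above can be scripted: the following Python flags content providers that are exported without a guarding permission, run here on a constructed manifest whose package and provider names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace used for android:* attributes in AndroidManifest.xml
ANDROID_NS = "http://schemas.android.com/apk/res/android"
GUARD_ATTRS = ("permission", "readPermission", "writePermission")


def _android_attr(elem, name):
    """Read an android:<name> attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def find_unprotected_providers(manifest_xml):
    """Return two lists of provider names that have no permission guard:
    those explicitly exported, and those that omit android:exported
    (whose default depends on minSdkVersion: exported below API level 17)."""
    root = ET.fromstring(manifest_xml)
    exported_open, default_open = [], []
    for prov in root.iter("provider"):
        if any(_android_attr(prov, a) for a in GUARD_ATTRS):
            continue  # a permission string protects this provider
        name = _android_attr(prov, "name") or "<unnamed>"
        exported = _android_attr(prov, "exported")
        if exported is None:
            default_open.append(name)
        elif exported.lower() == "true":
            exported_open.append(name)
    return exported_open, default_open


# Constructed sample manifest; package and provider names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.assistant">
  <application>
    <provider android:name=".OpenProvider"
        android:authorities="com.example.assistant.open" android:exported="true" />
    <provider android:name=".GuardedProvider"
        android:authorities="com.example.assistant.guarded" android:exported="true"
        android:permission="com.example.assistant.ACCESS" />
    <provider android:name=".LegacyProvider"
        android:authorities="com.example.assistant.legacy" />
    <provider android:name=".InternalProvider"
        android:authorities="com.example.assistant.internal" android:exported="false" />
  </application>
</manifest>"""

if __name__ == "__main__":
    print(find_unprotected_providers(SAMPLE_MANIFEST))
```

Run it against a manifest pulled from the installed APK (for example via apktool) to list the providers that deserve a closer look.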
disclosure
Exploitation status
EPSS: 0.05% (17th percentile)
CVSS vector
The primary mitigation for CVE-2021-25341 is to upgrade S Assistant to version 6.5.01.22 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing network-level restrictions to prevent unauthorized provider calls. While a direct WAF rule is unlikely, monitoring for unusual provider call patterns could provide early warning signs. After upgrading, confirm the fix by attempting to trigger the vulnerable provider call and verifying that the application does not crash or become unresponsive.
Update the S Assistant application to version 6.5.01.22 or later. This update fixes the vulnerability that allows unauthorized actions and denial-of-service attacks.
CVE-2021-25341 is a Denial of Service vulnerability in S Assistant versions up to 6.5.01.22, allowing attackers to disrupt application functionality by hijacking a provider.
Yes, if you are using S Assistant version 6.5.01.22 or earlier, you are potentially vulnerable to this DoS attack.
Upgrade S Assistant to version 6.5.01.22 or later to resolve this vulnerability. If immediate upgrading is not possible, consider network-level restrictions.
While no widespread exploitation has been publicly confirmed, the vulnerability remains a potential risk until patched.
Refer to the vendor's security advisory for detailed information and updates regarding CVE-2021-25341.