CVE-2018-21078

HIGH

Samsung Android Contacts - Unauthenticated Video Call Origination via SS and USSD Code Injection

Description

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018).

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/securityUpdate.smsb

Scores

CVSS v3 7.5
EPSS 0.0035
EPSS Percentile 26.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (6)
google/android 6.0
google/android 7.0
google/android 7.1.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
Published Apr 08, 2020
Tracked Since Feb 18, 2026