CVE-2019-16256

CRITICAL KEV

Samsung - Info Disclosure

Title source: llm

Description

Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.

References (2)

[Exploit, Third Party Advisory] https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16256

Scores

CVSS v3 9.8

EPSS 0.6119

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-7062

Status published

Products (1)

trustedconnectivityalliance/s\@t_browser

Published Sep 12, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026