CVE-2022-36442

CVE-2022-36442

by mrahier96

Abstract Advisory Information

By using the embedded Google Chrome application, it is possible to install downloaded APK

Author: Valentin Giannini & Alexandre Guldner

Version affected

Name: Zebra Enterprise Home Screen

Versions: 4.1.19

Common Vulnerability Scoring System

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Patch

none

References

Vulnerability Disclosure Timeline

  • 12/05/2022: Vulnerability discovery.
  • 12/05/2022: Vulnerability Report to CERT-XLM.
  • 13/05/2022: Vulnerability Report to Vendor through Bug bounty platform.
  • 16/05/2022: Acknowledge from the vendor regarding 1st vulnerability.
  • 24/06/2022: Vulnerability Report to Zebra Tech Support EMEA.
  • 27/06/2022: Acknowledge from Zebra Tech Support EMEA.
  • 08/07/2022: Update asked to vendor.
  • 08/07/2022: Acknowledge from the vendor but the same answer.
  • 22/07/2022: Request CVE ID to Mitre.
  • 25/07/2022: CVE IDs assigned: CVE-2022-36442
  • 05/08/2022: Second acknowledge from vendor with ticket number: 12763250
  • 12/08/2022: Vendor claimed vulnerabilities are not worth fixing.
  • 30/11/2022: Vulnerability disclosure
Top