Back to KEVs

CVE-2019-16256

Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location...

Basic Information

CVE State: PUBLISHED
Reserved Date: September 12, 2019
Published Date: September 12, 2019
Last Updated: February 04, 2025
Vendor: Samsung
Product: SIMalliance Toolbox Browser
Description: Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source

References

https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

September 12, 2019
CVE Published to Public

September 12, 2019
Added to KEVIntel

November 03, 2021