1. CVE-Search
  2. CVE-2019-2041
ID CVE-2019-2041
Summary In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-1188
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
confirm https://source.android.com/security/bulletin/2019-04-01
Last major update 24-08-2020 - 17:37
Published 19-04-2019 - 20:29
Last modified 24-08-2020 - 17:37
Back to Top