Main Vulnerability Database Vulnerabilities #VU35095

Improper Privilege Management in Google Android - CVE-2019-2233

Published: November 13, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35095

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-2233

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140486529

How to mitigate CVE-2019-2233

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-11-01

Improper Privilege Management in Google Android - CVE-2019-2233

Detailed vulnerability description

How to mitigate CVE-2019-2233

Sources

Please verify you're human