Main Vulnerability Database Vulnerabilities #VU35430

Inadequate Encryption Strength in Google Android - CVE-2019-9399

Published: September 27, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35430

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-9399

CWE-ID: CWE-326

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115635664

How to mitigate CVE-2019-9399

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/android-10

Inadequate Encryption Strength in Google Android - CVE-2019-9399

Detailed vulnerability description

How to mitigate CVE-2019-9399

Sources

Please verify you're human