Main Vulnerability Database Vulnerabilities #VU35612

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2131

Published: August 20, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35612

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-2131

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119115683.

How to mitigate CVE-2019-2131

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-08-01

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2131

Detailed vulnerability description

How to mitigate CVE-2019-2131

Sources

Please verify you're human