Main Vulnerability Database Vulnerabilities #VU35999

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2041

Published: April 19, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35999

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-2041

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.

How to mitigate CVE-2019-2041

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2019-04-01

Permissions, Privileges, and Access Controls in Google Android - CVE-2019-2041

Detailed vulnerability description

How to mitigate CVE-2019-2041

Sources

Please verify you're human