CVE-2019-2041
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-122034690.
En la configuración de módulos NFC en ciertos dispositivos, hay una posible falla para distinguir los dispositivos individuales debido a un valor predeterminado no seguro. Esto podría conducir a la escalada de privilegios local sin necesidad de privilegios de ejecución adicionales. La interacción del usuario es necesaria para la operación en Android. Versiones: Android-8.1 Android-9. ID de Android: A-122034690.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-10 CVE Reserved
- 2019-04-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1188: Initialization of a Resource with an Insecure Default
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://source.android.com/security/bulletin/2019-04-01 | 2020-08-24 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 8.1 Search vendor "Google" for product "Android" and version "8.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 9.0 Search vendor "Google" for product "Android" and version "9.0" | - |
Affected
| ||||||