PT-2019-16209 · Google · Android
Publicado
2019-07-08
·
Atualizado
2021-07-21
·
CVE-2019-2117
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions 7.0 through 9
Description
The issue is related to a missing permission check in the
checkQueryPermission function of TelephonyProvider.java. This could lead to the disclosure of secure data about carrier systems, with no additional execution privileges needed. The exploitation of this issue does not require user interaction.Recommendations
For Android versions 7.0 through 9, apply the necessary patch or update to include the missing permission check in the
checkQueryPermission function of TelephonyProvider.java. As a temporary workaround, consider restricting access to sensitive carrier system information until the issue is resolved.Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android