exploitDog

CVE-2019-9464

Опубликовано: 06 дек. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068

Ссылки

https://source.android.com/security/bulletin/2019-12-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/2019-12-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-j65x-pp5m-j68h

github

больше 3 лет назад

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068

EPSS

Процентиль: 23%

0.00075

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-732