Vulnerability CVE-2019-1997


Published: 2019-02-28

Description:
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900.

Type: CWE-330 (Use of Insufficiently Random Values)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Google -> Android

References:
http://www.securityfocus.com/bid/106946
https://source.android.com/security/bulletin/2019-02-01

Copyright 2020, cxsecurity.com

 
