CVE-2019-2173

In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720

Published : 2019-10-11 19:15 Updated : 2019-10-16 17:18

4.6
CVSS Score More info
Score 4.6 / 10
4.6
Vendor Product Version URI
Google Android 7.1.1 cpe:/o:google:android:7.1.1
Google Android 7.1.2 cpe:/o:google:android:7.1.2
Google Android 8.0 cpe:/o:google:android:8.0
Google Android 8.1 cpe:/o:google:android:8.1
Google Android 9.0 cpe:/o:google:android:9.0
  1. Google (1) Search CVE
    1. Android (5) Search CVE
      1. 7.1.1
      2. 7.1.2
      3. 8.0
      4. 8.1
      5. 9.0

CWE

ID Name Description Links
CWE-276 Incorrect Default Permissions The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. CVE

History of changes

Date Event
2019-10-16 17:18
2019-10-11 19:29

New CVE