CVE-2019-2183

In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465

Published : 2019-10-11 19:15 Updated : 2019-10-16 17:47

2.1

CVSS Score More info

Score 2.1 / 10

Access vector LOCAL

A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. Examples of locally exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and local privilege escalations (e.g., sudo).

Access complexity LOW

Specialized access conditions or extenuating circumstances do not exist. The following are examples:

The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
The affected configuration is default or ubiquitous.
The attack can be performed manually and requires little skill or additional information gathering.
The race condition is a lazy one (i.e., it is technically a race but easily winnable).

Authentication NONE

Authentication is not required to exploit the vulnerability.

Confidentiality impact PARTIAL

There is considerable informational disclosure. Access to some system files is possible, but the attacker does not have control over what is obtained, or the scope of the loss is constrained. An example is a vulnerability that divulges only certain tables in a database.

Integrity impact NONE

There is no impact to the integrity of the system.

Availability impact NONE

There is no impact to the availability of the system.

CPE (2)
Tree view

Vendor	Product	Version	URI
Google	Android	9.0	cpe:/o:google:android:9.0
Google	Android	10.0	cpe:/o:google:android:10.0

Google (1) Search CVE
1. Android (2) Search CVE
  1. 9.0
  2. 10.0

CWE

ID	Name	Description	Links
CWE-200	Information Exposure	An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.		CVE