Published: 07/06/2019 Updated: 24/08/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, with no additional permissions required. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-128599660.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 7.1.2
google android 7.1.1
google android 8.1
google android 8.0
google android 7.0

It's that time again: Android kicks off June's patch parade with fixes for five hijack holes

The Register • Shaun Nichols in San Francisco • 05 Jun 2019

Updates are on the way… if you have a Google device, at least Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered

Google has released its June bundle of security vulnerability patches for Android, with fixes for 22 CVE-listed flaws included. This month's update, including eight critical fixes, includes patches to close up four confirmed remote code execution vulnerabilities. Google says none of the bugs have been targeted in the wild, yet. Those with Google-branded devices like the Pixel phone line will get the update directly from the Chocolate Factory, while others will need to rely on their vendor or car...

CVE-2019-2091

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect