Published: 07/06/2019 Updated: 12/09/2019

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 739

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate malicious user to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 7.0
google android 7.1.1
google android 7.1.2
google android 8.1
google android 8.0
google android 9.0

It's that time again: Android kicks off June's patch parade with fixes for five hijack holes

The Register • Shaun Nichols in San Francisco • 05 Jun 2019

Updates are on the way… if you have a Google device, at least Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered

Google has released its June bundle of security vulnerability patches for Android, with fixes for 22 CVE-listed flaws included. This month's update, including eight critical fixes, includes patches to close up four confirmed remote code execution vulnerabilities. Google says none of the bugs have been targeted in the wild, yet. Those with Google-branded devices like the Pixel phone line will get the update directly from the Chocolate Factory, while others will need to rely on their vendor or car...

CVE-2019-2102

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect