CVE-2019-2175 - In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypas

CVE-2019-2175

Summary

In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

https://source.android.com/security/bulletin/2019-09-01

Vulnerable Configurations

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

https://source.android.com/security/bulletin/2019-09-01

Last major update

24-08-2020 - 17:37

Published

05-09-2019 - 22:15

Last modified

24-08-2020 - 17:37