Insecure Default Configuration in NFC Modules on Android Devices
CVE-2019-2041

7.3HIGH

Key Information:

Vendor: Android
Status: Android
Vendor: CVE Published:; 19 April 2019

What is CVE-2019-2041?

A vulnerability exists in the configuration of NFC modules on specific Android devices, where an insecure default value may fail to adequately distinguish between individual devices. This could potentially allow local escalation of privileges without the need for additional execution rights. Exploitation of this vulnerability generally requires user interaction.

Affected Version(s)

Android Android-8.1 Android-9

References

https://source.android.com/security/bulletin/2019-04-01

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2019
Vulnerability Reserved
Dec 10, 2018