Platform
android
Fixed in
8.0.1
CVE-2019-1993 is an integer overflow vulnerability in the Android Bluetooth stack. The flaw resides in the register_app function of btif_hd.cc and can lead to local escalation of privilege. Exploitation does not require user interaction, and Android versions 8.0 through 9 are affected. A patch is available in Android 8.0.1.
CVE-2019-1993 presents a risk of local privilege escalation. An attacker with physical access to the device could exploit this vulnerability to gain elevated privileges, potentially bypassing security restrictions and accessing sensitive data; no user interaction is required, but physical access is. The integer overflow could lead to a buffer overflow or other memory corruption, allowing the attacker to execute arbitrary code with the privileges of the affected process. This is particularly concerning for system processes or processes handling sensitive information.
CVE-2019-1993 was published on February 28, 2019. Public proof-of-concept (PoC) exploits for this vulnerability are less common than for CVE-2019-1992, suggesting a lower probability of exploitation. It is not currently listed in the CISA KEV catalog, and no EPSS score is recorded. The Android ID A-119819889 is associated with this vulnerability.
Exploit status
EPSS
0.02% (5th percentile)
The primary mitigation for CVE-2019-1993 is to upgrade affected Android devices to version 8.0.1 or later. If upgrading is not immediately possible, restrict physical access to the device to prevent potential exploitation. A direct WAF or proxy rule is not applicable; instead, consider device attestation mechanisms to verify the integrity of the system. After upgrading, confirm the fix by attempting to trigger the vulnerable function and verifying that no errors or unexpected behaviour occur.
Update to the latest version of Android provided by your device manufacturer. It includes the security patches that fix this memory corruption vulnerability.
It's an Integer Overflow vulnerability in the Android Bluetooth stack, potentially allowing local privilege escalation.
If you're running Android 8.0, 8.1, or 9, you are potentially affected by this vulnerability.
Upgrade your Android device to version 8.0.1 or later to patch this vulnerability.
While less common than CVE-2019-1992, the possibility of exploitation exists.
Refer to the National Vulnerability Database (NVD) entry for CVE-2019-1993 for more technical details.