Platform
android
Fixed in
Security patch level 2019-03-01 (Android 7.0 through 9; there is no "Android 7.0.1" release, the fix shipped in the March 2019 Android Security Bulletin)
CVE-2019-1992 is a Remote Code Execution (RCE) vulnerability in the Android Bluetooth stack. It is a use-after-free caused by a race condition in bta_hl_sdp_query_results (bta_hl_main.cc, the Health Device Profile code in the Bluetooth stack), which can lead to arbitrary code execution in the Bluetooth service with no additional execution privileges needed. User interaction is required for exploitation. Affected versions are Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1 and 9; the fix shipped in the March 2019 Android Security Bulletin as security patch level 2019-03-01.
The impact of CVE-2019-1992 is significant because it yields remote code execution over a radio interface. An attacker within Bluetooth range who can get the victim to interact with a malicious peer device (for example by accepting a pairing or connection request) can race the SDP query result handling in the Health Device Profile code and trigger the use-after-free. Code execution lands in the Bluetooth service process, which gives access to the Bluetooth hardware and to paired-device data and provides a foothold for further privilege escalation, data theft or malware installation. The need for user interaction and physical proximity limits the attack surface, but the risk remains considerable wherever users can be tricked into connecting to an attacker-controlled device. "No additional execution privileges needed" means the attacker requires no prior presence on the device at all, which lowers the barrier to entry.
CVE-2019-1992 was published on February 28, 2019. Public proof-of-concept (POC) exploits for this vulnerability have been reported, which increases the risk of exploitation. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog; its EPSS score is 0.76% (73rd percentile), and the availability of POCs suggests a medium probability of exploitation. The Android ID A-116222069 is associated with this vulnerability.
Exploit status
EPSS
0.76% (73rd percentile)
The primary mitigation for CVE-2019-1992 is to install a build for the affected device that carries security patch level 2019-03-01 or later (the March 2019 Android Security Bulletin). If such an update is not available, disable Bluetooth when it is not needed, particularly in public places, and do not accept pairing or connection requests from unknown devices. Network-layer controls such as WAF or proxy rules and network segmentation do not apply to a Bluetooth-proximity vulnerability, so do not rely on them for this issue. After updating, confirm the fix by checking the device's Android security patch level (Settings > About phone, or the ro.build.version.security_patch system property) rather than by observing Bluetooth behaviour, which gives no reliable indication of whether the patched code is present.
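The check described above, written out as an added example that is not part of the original advisory: it reads the device's Android security patch level (the ro.build.version.security_patch property, which Android formats as YYYY-MM-DD) over adb, or takes a patch-level string on the command line for offline use, and decides whether the March 2019 fix is present. The cutoff date 2019-03-01 comes from the Android Security Bulletin; the script name and function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether a device's Android
# security patch level already includes the March 2019 fix for CVE-2019-1992.
#
# Usage: ./check_cve_2019_1992.sh              (queries an attached device via adb)
#        ./check_cve_2019_1992.sh 2019-02-05   (offline check of a patch-level string)

# Patch level that carries the fix (Android Security Bulletin, March 2019).
FIX_PATCH_LEVEL="2019-03-01"

# Convert a YYYY-MM-DD patch level to the integer YYYYMMDD so it can be
# compared with -ge in any POSIX shell. Prints nothing if the input is
# not a well-formed date.
patch_level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) echo "$1" | tr -d '-' ;;
        *) ;;
    esac
}

# Print one of: patched, vulnerable, unknown.
#   patched    - patch level is 2019-03-01 or later
#   vulnerable - patch level is earlier than 2019-03-01
#   unknown    - property missing or not a date (e.g. no device attached)
# Always exits 0 so it is safe to call under `set -e`.
cve_2019_1992_status() {
    level_int="$(patch_level_to_int "$1")"
    fix_int="$(patch_level_to_int "$FIX_PATCH_LEVEL")"
    if [ -z "$level_int" ]; then
        echo "unknown"
    elif [ "$level_int" -ge "$fix_int" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Read the patch level from an attached device. adb output ends in CRLF,
# so the carriage return is stripped before the value is compared.
device_patch_level() {
    adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r'
}

if [ -n "$1" ]; then
    echo "$(cve_2019_1992_status "$1") (security_patch=$1)"
elif command -v adb >/dev/null 2>&1; then
    level="$(device_patch_level || true)"
    echo "$(cve_2019_1992_status "$level") (security_patch=${level:-unset})"
fi
```

The comparison is on the patch level rather than on the Android version number because the fix was delivered to every affected release (7.0 through 9) as a monthly security update, so a device can report Android 8.1 and still be either patched or vulnerable. Note that the property only tells you which patch level the vendor claims to have shipped; it does not prove that every fix from that bulletin was actually backported.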
Update to the latest Android version available for your device. See the Android Security Bulletin for further details and vendor-specific instructions.
It's a Remote Code Execution (RCE) vulnerability in the Android Bluetooth stack, allowing attackers to potentially execute code on a device.
If you're running Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, or 9, you are potentially affected by this vulnerability.
Install the update that brings your device to Android security patch level 2019-03-01 or later; the fix shipped in the March 2019 Android Security Bulletin for all affected releases (7.0 through 9).
Public proof-of-concept exploits exist, indicating a potential for exploitation, though active campaigns are not confirmed.
Refer to the National Vulnerability Database (NVD) entry for CVE-2019-1992 for more technical details.