CVE-2019-16401 Information

Description

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
