CVE-2019-9461

In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://source.android.com/security/bulletin/pixel/2019-09-01	Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/12/05/1	Exploit Mailing List
http://www.openwall.com/lists/oss-security/2019/12/05/2	Exploit Mailing List
http://www.openwall.com/lists/oss-security/2019/12/08/1	Exploit Mailing List

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Information

Published : 2019-09-06 15:15

Updated : 2022-01-01 12:19

NVD link : CVE-2019-9461

Mitre link : CVE-2019-9461

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

google

android

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://source.android.com/security/bulletin/pixel/2019-09-01", "name": "https://source.android.com/security/bulletin/pixel/2019-09-01", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2019/12/05/1", "name": "[oss-security] 20191204 [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.", "tags": ["Exploit", "Mailing List"], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2019/12/05/2", "name": "[oss-security] 20191205 Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.", "tags": ["Exploit", "Mailing List"], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2019/12/08/1", "name": "[oss-security] 20191208 Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.", "tags": ["Exploit", "Mailing List"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-9461", "ASSIGNER": "security@android.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2019-09-06T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-01-01T20:19Z"}