CVE-2019-14220

Published: Sep 24, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read

Affected (2)

Products: Bluestacks: Bluestacks

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bluestacks Bluestacks	Up to 4.120

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bluestacks Bluestacks	Up to 4.110

Running on/with	Platform Versions
Apple Macos	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://support.bluestacks.com/hc/en-us/articles/360021469391-Release-Notes

Source: cve@mitre.org

Release NotesVendor Advisory

https://support.bluestacks.com/hc/en-us/articles/360033484132-BlueStacks-fails-to-restrict-access-permissions

Source: cve@mitre.org

PatchVendor Advisory

https://support.bluestacks.com/hc/en-us/articles/360021469391-Release-Notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.bluestacks.com/hc/en-us/articles/360033484132-BlueStacks-fails-to-restrict-access-permissions

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.