← Back

CVE-2019-16401

nvd nist
Published: Nov 6, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.

Affected (3)

Samsung
3 products
Galaxy S8 Plus Firmware
Galaxy S3 Firmware
Galaxy Note 2 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Galaxy S8 Plus Firmware
All versions
Running on/withPlatform Versions
Samsung
Galaxy S8 Plus
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Galaxy S3 Firmware
All versions
Running on/withPlatform Versions
Samsung
Galaxy S3
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Galaxy Note 2 Firmware
All versions
Running on/withPlatform Versions
Samsung
Galaxy Note 2
All versions

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.