CVE-2019-2197

MEDIUM

Android - Info Disclosure

Title source: llm

Description

In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-138529441

References (1)

[Vendor Advisory] https://source.android.com/security/bulletin/2019-11-01

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-1188

Status published

Products (4)

google/android 8.0

google/android 8.1

google/android 9.0

google/android 10.0

Published Nov 13, 2019

Tracked Since Feb 18, 2026