In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-132261064
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2019-11-01 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2019-11-13T17:31:28
Updated: 2024-08-04T18:42:51.103Z
Reserved: 2018-12-10T00:00:00
Link: CVE-2019-2193
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-13T18:15:11.203
Modified: 2019-11-15T18:55:07.220
Link: CVE-2019-2193
Redhat
No data.