Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.
References
Link | Resource |
---|---|
https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-06T22:14:04
Updated: 2019-11-06T22:14:04
Reserved: 2019-09-18T00:00:00
Link: CVE-2019-16401
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-06T23:15:10.463
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-16401
JSON object: View
Redhat Information
No data.
CWE