Unauthorized Access to Call Status in Snapdragon Devices

Unauthorized Access to Call Status in Snapdragon Devices

CVE-2019-14002 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130

Learn more about our Cis Benchmark Audit For Bind.