Unauthenticated Call Answer Vulnerability in Signal Private Messenger for Android

Unauthenticated Call Answer Vulnerability in Signal Private Messenger for Android

CVE-2019-17191 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.

Learn more about our Cis Benchmark Audit For Google Android.