Vulnerabilities > CVE-2019-16401 - Unspecified vulnerability in Samsung products

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

samsung

NVD

Published: 2019-11-06

Updated: 2020-08-24

Summary

Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Galaxy S8 Plus Firmware - Samsung Galaxy S3 Firmware - Samsung Galaxy Note 2 Firmware -	3
Hardware	Samsung Samsung Galaxy S8 Plus - Samsung Galaxy S3 - Samsung Galaxy Note 2 -	3

References

https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210