Vulnerabilities > CVE-2019-17191 - Incorrect Authorization vulnerability in Signal Private Messenger

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
signal
CWE-863

Summary

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.

Vulnerable Configurations

Part Description Count
Application
Signal
489

Common Weakness Enumeration (CWE)