CVE-2019-14220

Severity: Medium (CVSS 3.1 base score 6.5) · EPSS 55.3%
Published Sep 24, 2019 · Last Modified Jun 17, 2026

Description

An issue was discovered in BlueStacks 4.110 and below on macOS and 4.120 and below on Windows. BlueStacks runs Android in a virtual machine (VM) so that Android apps can run on Windows or macOS. The bug is a local arbitrary file read through a system service call. The affected method runs with system admin privileges and, when given a file name as a parameter, returns the contents of that file. A malicious app that calls the affected method can therefore read the contents of any system file that it is not authorized to read.

CVSS Details

Base Score: 6.5
Exploitability: 2.0
Impact: 4.0
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 55.3% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

Affected Products 4

Vendor      Product     Version  Range
bluestacks  bluestacks  *        ≤4.120
microsoft   windows     *        any
bluestacks  bluestacks  *        ≤4.110
apple       macos       *        any

References 2

  • support.bluestacks.com https://support.bluestacks.com/hc/en-us/articles/360021469391-Release-Notes
    Release Notes, Vendor Advisory
  • support.bluestacks.com https://support.bluestacks.com/hc/en-us/articles/360033484132-BlueStacks-fails-to-restrict-access-permissions
    Patch, Vendor Advisory

Remediation

  • support.bluestacks.com https://support.bluestacks.com/hc/en-us/articles/360033484132-BlueStacks-fails-to-restrict-access-permissions
    Patch, Vendor Advisory