CVE-2018-19111
UnknownEPSS 0.22%
Last modified
CVE-2018-19111 is a vulnerability of currently unknown severity. The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cardboard | 1.2 | |
| Cardboard | 1.8 |
References
- https://www.info-sec.ca/advisories/Google-Cardboard.htmlThird Party Advisory
- https://www.info-sec.ca/advisories/Google-Cardboard.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-19111?
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
How severe is CVE-2018-19111?
Severity scoring for CVE-2018-19111 is pending analysis. The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.
How do I fix CVE-2018-19111?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2018-19111?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST