Back to search
CVE-2019-18659
Published: Nov 2, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://dl.acm.org/citation.cfm?id=3326082
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now