CVE-2021-1020

Published at:
2021-12-15T19:15:13.980
Source: [email protected]

Global infos:

In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorLOCAL
    Availability ImpactHIGH
    Base Score7.3
    Base SeverityHIGH
    Confidentiality ImpactHIGH
    Integrity ImpactHIGH
    Privileges RequiredLOW
    ScopeUNCHANGED
    User InteractionREQUIRED
    Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
    Exploitability Score1.3
    Impact Score5.9
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords