CVE-2020-0366

CVSS v3 Score: 7.8 (High)
CVSS v2 Score: 6.8 (Medium)

Vulnerability Description

In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is needed for exploitation.

Product: Android
Versions: Android-11
Android ID: A-138443815

CVSS:7.8(High)

In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of ...

CVSS:7.8(High)

In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileg...

CVSS:7.8(High)

In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User intera...

CVSS:7.8(High)

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing con...

CVSS:7.8(High)

In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privileg...

CVSS:7.8(High)

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges ne...