ID |
CVE-2020-0473
|
Summary |
In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486 |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 2.1 (as of 16-12-2020 - 18:26) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-863 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:N/I:P/A:N
|
refmap
via4
|
|
Last major update |
16-12-2020 - 18:26 |
Published |
15-12-2020 - 16:15 |
Last modified |
16-12-2020 - 18:26 |