CVE-2020-0386
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356
En la función onCreate del archivo RequestPermissionActivity.java, se presenta un posible vector de secuestro debido a un valor predeterminado no seguro. Esto podría conllevar a una escalada de privilegios local que permite a un atacante configurar la detección de Bluetooth con los privilegios de ejecución User necesarios. Es requerida una interacción del usuario para su explotación. Producto: Android, Versiones: Android-8.0, Android-8.1 Android-9 Android-10 Android-11, ID de Android: A-155650356
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-17 CVE Reserved
- 2020-09-17 CVE Published
- 2023-06-03 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
- CWE-1188: Initialization of a Resource with an Insecure Default
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://source.android.com/security/bulletin/2020-09-01 | 2021-07-21 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 8.0 Search vendor "Google" for product "Android" and version "8.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 8.1 Search vendor "Google" for product "Android" and version "8.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 9.0 Search vendor "Google" for product "Android" and version "9.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 10.0 Search vendor "Google" for product "Android" and version "10.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 11.0 Search vendor "Google" for product "Android" and version "11.0" | - |
Affected
| ||||||