Main Vulnerability Database Exploits ID:4922 - Exploit for Improper Privilege Management in Google Android - CVE-2020-0108

ID:4922 - Exploit for Improper Privilege Management in Google Android - CVE-2020-0108

Published: December 11, 2020

Vulnerability identifier: #VU45857

Vulnerability risk: Low

CVE-ID: CVE-2020-0108

CWE-ID: CWE-269

Exploitation vector: Local access

Vulnerable software:
Google Android

Link to public exploit:

https://github.com/XDo0/ServiceCheater

Vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616

Remediation

Install update from vendor's website.

ID:4922 - Exploit for Improper Privilege Management in Google Android - CVE-2020-0108

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human